brent s
0203f8b0d8
ish. done-ish. it's entirely untested. CTR should work as i modeled it after PoC, and CBC *probably* works as it's straightforward, but I have no idea about the GCM. TODO.
<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
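<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="generator" content="Asciidoctor 2.0.17">
<meta name="author" content="brent saner <bts@square-r00t.net>, https://r00t2.io">
<title>OpenSSH Key Structure Guide</title>
<!--
  Third-party stylesheet. Each view of this guide makes the reader's browser
  contact fonts.googleapis.com, which discloses the reader's IP address and
  user agent to that host, and the CSS it returns is applied to this page
  without an integrity check. The font API response may differ per browser,
  so a Subresource Integrity hash is not a practical pin for this URL.
  The embedded stylesheet already names local fallbacks ("DejaVu Serif",
  "DejaVu Sans", "DejaVu Sans Mono"), so the page stays readable without
  this request. This file is generated: to drop the link at the source,
  unset the Asciidoctor "webfonts" attribute or serve the fonts from the
  same origin. referrerpolicy below keeps the hosting origin out of the
  request for as long as the link remains.
-->
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,400,400italic,600,600italic%7CNoto+Serif:400,400italic,700,700italic%7CDroid+Sans+Mono:400,700" referrerpolicy="no-referrer">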
|
|
<style>
|
|
/*! Asciidoctor default stylesheet | MIT License | https://asciidoctor.org */
|
|
/* Uncomment the following line when using as a custom stylesheet */
|
|
/* @import "https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,400,400italic,600,600italic%7CNoto+Serif:400,400italic,700,700italic%7CDroid+Sans+Mono:400,700"; */
|
|
html{font-family:sans-serif;-webkit-text-size-adjust:100%}
|
|
a{background:none}
|
|
a:focus{outline:thin dotted}
|
|
a:active,a:hover{outline:0}
|
|
h1{font-size:2em;margin:.67em 0}
|
|
b,strong{font-weight:bold}
|
|
abbr{font-size:.9em}
|
|
abbr[title]{cursor:help;border-bottom:1px dotted #dddddf;text-decoration:none}
|
|
dfn{font-style:italic}
|
|
hr{height:0}
|
|
mark{background:#ff0;color:#000}
|
|
code,kbd,pre,samp{font-family:monospace;font-size:1em}
|
|
pre{white-space:pre-wrap}
|
|
q{quotes:"\201C" "\201D" "\2018" "\2019"}
|
|
small{font-size:80%}
|
|
sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}
|
|
sup{top:-.5em}
|
|
sub{bottom:-.25em}
|
|
img{border:0}
|
|
svg:not(:root){overflow:hidden}
|
|
figure{margin:0}
|
|
audio,video{display:inline-block}
|
|
audio:not([controls]){display:none;height:0}
|
|
fieldset{border:1px solid silver;margin:0 2px;padding:.35em .625em .75em}
|
|
legend{border:0;padding:0}
|
|
button,input,select,textarea{font-family:inherit;font-size:100%;margin:0}
|
|
button,input{line-height:normal}
|
|
button,select{text-transform:none}
|
|
button,html input[type=button],input[type=reset],input[type=submit]{-webkit-appearance:button;cursor:pointer}
|
|
button[disabled],html input[disabled]{cursor:default}
|
|
input[type=checkbox],input[type=radio]{padding:0}
|
|
button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}
|
|
textarea{overflow:auto;vertical-align:top}
|
|
table{border-collapse:collapse;border-spacing:0}
|
|
*,::before,::after{box-sizing:border-box}
|
|
html,body{font-size:100%}
|
|
body{background:#fff;color:rgba(0,0,0,.8);padding:0;margin:0;font-family:"Noto Serif","DejaVu Serif",serif;line-height:1;position:relative;cursor:auto;-moz-tab-size:4;-o-tab-size:4;tab-size:4;word-wrap:anywhere;-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased}
|
|
a:hover{cursor:pointer}
|
|
img,object,embed{max-width:100%;height:auto}
|
|
object,embed{height:100%}
|
|
img{-ms-interpolation-mode:bicubic}
|
|
.left{float:left!important}
|
|
.right{float:right!important}
|
|
.text-left{text-align:left!important}
|
|
.text-right{text-align:right!important}
|
|
.text-center{text-align:center!important}
|
|
.text-justify{text-align:justify!important}
|
|
.hide{display:none}
|
|
img,object,svg{display:inline-block;vertical-align:middle}
|
|
textarea{height:auto;min-height:50px}
|
|
select{width:100%}
|
|
.subheader,.admonitionblock td.content>.title,.audioblock>.title,.exampleblock>.title,.imageblock>.title,.listingblock>.title,.literalblock>.title,.stemblock>.title,.openblock>.title,.paragraph>.title,.quoteblock>.title,table.tableblock>.title,.verseblock>.title,.videoblock>.title,.dlist>.title,.olist>.title,.ulist>.title,.qlist>.title,.hdlist>.title{line-height:1.45;color:#7a2518;font-weight:400;margin-top:0;margin-bottom:.25em}
|
|
div,dl,dt,dd,ul,ol,li,h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6,pre,form,p,blockquote,th,td{margin:0;padding:0}
|
|
a{color:#2156a5;text-decoration:underline;line-height:inherit}
|
|
a:hover,a:focus{color:#1d4b8f}
|
|
a img{border:0}
|
|
p{line-height:1.6;margin-bottom:1.25em;text-rendering:optimizeLegibility}
|
|
p aside{font-size:.875em;line-height:1.35;font-style:italic}
|
|
h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{font-family:"Open Sans","DejaVu Sans",sans-serif;font-weight:300;font-style:normal;color:#ba3925;text-rendering:optimizeLegibility;margin-top:1em;margin-bottom:.5em;line-height:1.0125em}
|
|
h1 small,h2 small,h3 small,#toctitle small,.sidebarblock>.content>.title small,h4 small,h5 small,h6 small{font-size:60%;color:#e99b8f;line-height:0}
|
|
h1{font-size:2.125em}
|
|
h2{font-size:1.6875em}
|
|
h3,#toctitle,.sidebarblock>.content>.title{font-size:1.375em}
|
|
h4,h5{font-size:1.125em}
|
|
h6{font-size:1em}
|
|
hr{border:solid #dddddf;border-width:1px 0 0;clear:both;margin:1.25em 0 1.1875em}
|
|
em,i{font-style:italic;line-height:inherit}
|
|
strong,b{font-weight:bold;line-height:inherit}
|
|
small{font-size:60%;line-height:inherit}
|
|
code{font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;font-weight:400;color:rgba(0,0,0,.9)}
|
|
ul,ol,dl{line-height:1.6;margin-bottom:1.25em;list-style-position:outside;font-family:inherit}
|
|
ul,ol{margin-left:1.5em}
|
|
ul li ul,ul li ol{margin-left:1.25em;margin-bottom:0}
|
|
ul.square li ul,ul.circle li ul,ul.disc li ul{list-style:inherit}
|
|
ul.square{list-style-type:square}
|
|
ul.circle{list-style-type:circle}
|
|
ul.disc{list-style-type:disc}
|
|
ol li ul,ol li ol{margin-left:1.25em;margin-bottom:0}
|
|
dl dt{margin-bottom:.3125em;font-weight:bold}
|
|
dl dd{margin-bottom:1.25em}
|
|
blockquote{margin:0 0 1.25em;padding:.5625em 1.25em 0 1.1875em;border-left:1px solid #ddd}
|
|
blockquote,blockquote p{line-height:1.6;color:rgba(0,0,0,.85)}
|
|
@media screen and (min-width:768px){h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{line-height:1.2}
|
|
h1{font-size:2.75em}
|
|
h2{font-size:2.3125em}
|
|
h3,#toctitle,.sidebarblock>.content>.title{font-size:1.6875em}
|
|
h4{font-size:1.4375em}}
|
|
table{background:#fff;margin-bottom:1.25em;border:1px solid #dedede;word-wrap:normal}
|
|
table thead,table tfoot{background:#f7f8f7}
|
|
table thead tr th,table thead tr td,table tfoot tr th,table tfoot tr td{padding:.5em .625em .625em;font-size:inherit;color:rgba(0,0,0,.8);text-align:left}
|
|
table tr th,table tr td{padding:.5625em .625em;font-size:inherit;color:rgba(0,0,0,.8)}
|
|
table tr.even,table tr.alt{background:#f8f8f7}
|
|
table thead tr th,table tfoot tr th,table tbody tr td,table tr td,table tfoot tr td{line-height:1.6}
|
|
h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{line-height:1.2;word-spacing:-.05em}
|
|
h1 strong,h2 strong,h3 strong,#toctitle strong,.sidebarblock>.content>.title strong,h4 strong,h5 strong,h6 strong{font-weight:400}
|
|
.center{margin-left:auto;margin-right:auto}
|
|
.stretch{width:100%}
|
|
.clearfix::before,.clearfix::after,.float-group::before,.float-group::after{content:" ";display:table}
|
|
.clearfix::after,.float-group::after{clear:both}
|
|
:not(pre).nobreak{word-wrap:normal}
|
|
:not(pre).nowrap{white-space:nowrap}
|
|
:not(pre).pre-wrap{white-space:pre-wrap}
|
|
:not(pre):not([class^=L])>code{font-size:.9375em;font-style:normal!important;letter-spacing:0;padding:.1em .5ex;word-spacing:-.15em;background:#f7f7f8;border-radius:4px;line-height:1.45;text-rendering:optimizeSpeed}
|
|
pre{color:rgba(0,0,0,.9);font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;line-height:1.45;text-rendering:optimizeSpeed}
|
|
pre code,pre pre{color:inherit;font-size:inherit;line-height:inherit}
|
|
pre>code{display:block}
|
|
pre.nowrap,pre.nowrap pre{white-space:pre;word-wrap:normal}
|
|
em em{font-style:normal}
|
|
strong strong{font-weight:400}
|
|
.keyseq{color:rgba(51,51,51,.8)}
|
|
kbd{font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;display:inline-block;color:rgba(0,0,0,.8);font-size:.65em;line-height:1.45;background:#f7f7f7;border:1px solid #ccc;border-radius:3px;box-shadow:0 1px 0 rgba(0,0,0,.2),inset 0 0 0 .1em #fff;margin:0 .15em;padding:.2em .5em;vertical-align:middle;position:relative;top:-.1em;white-space:nowrap}
|
|
.keyseq kbd:first-child{margin-left:0}
|
|
.keyseq kbd:last-child{margin-right:0}
|
|
.menuseq,.menuref{color:#000}
|
|
.menuseq b:not(.caret),.menuref{font-weight:inherit}
|
|
.menuseq{word-spacing:-.02em}
|
|
.menuseq b.caret{font-size:1.25em;line-height:.8}
|
|
.menuseq i.caret{font-weight:bold;text-align:center;width:.45em}
|
|
b.button::before,b.button::after{position:relative;top:-1px;font-weight:400}
|
|
b.button::before{content:"[";padding:0 3px 0 2px}
|
|
b.button::after{content:"]";padding:0 2px 0 3px}
|
|
p a>code:hover{color:rgba(0,0,0,.9)}
|
|
#header,#content,#footnotes,#footer{width:100%;margin:0 auto;max-width:62.5em;*zoom:1;position:relative;padding-left:.9375em;padding-right:.9375em}
|
|
#header::before,#header::after,#content::before,#content::after,#footnotes::before,#footnotes::after,#footer::before,#footer::after{content:" ";display:table}
|
|
#header::after,#content::after,#footnotes::after,#footer::after{clear:both}
|
|
#content{margin-top:1.25em}
|
|
#content::before{content:none}
|
|
#header>h1:first-child{color:rgba(0,0,0,.85);margin-top:2.25rem;margin-bottom:0}
|
|
#header>h1:first-child+#toc{margin-top:8px;border-top:1px solid #dddddf}
|
|
#header>h1:only-child,body.toc2 #header>h1:nth-last-child(2){border-bottom:1px solid #dddddf;padding-bottom:8px}
|
|
#header .details{border-bottom:1px solid #dddddf;line-height:1.45;padding-top:.25em;padding-bottom:.25em;padding-left:.25em;color:rgba(0,0,0,.6);display:flex;flex-flow:row wrap}
|
|
#header .details span:first-child{margin-left:-.125em}
|
|
#header .details span.email a{color:rgba(0,0,0,.85)}
|
|
#header .details br{display:none}
|
|
#header .details br+span::before{content:"\00a0\2013\00a0"}
|
|
#header .details br+span.author::before{content:"\00a0\22c5\00a0";color:rgba(0,0,0,.85)}
|
|
#header .details br+span#revremark::before{content:"\00a0|\00a0"}
|
|
#header #revnumber{text-transform:capitalize}
|
|
#header #revnumber::after{content:"\00a0"}
|
|
#content>h1:first-child:not([class]){color:rgba(0,0,0,.85);border-bottom:1px solid #dddddf;padding-bottom:8px;margin-top:0;padding-top:1rem;margin-bottom:1.25rem}
|
|
#toc{border-bottom:1px solid #e7e7e9;padding-bottom:.5em}
|
|
#toc>ul{margin-left:.125em}
|
|
#toc ul.sectlevel0>li>a{font-style:italic}
|
|
#toc ul.sectlevel0 ul.sectlevel1{margin:.5em 0}
|
|
#toc ul{font-family:"Open Sans","DejaVu Sans",sans-serif;list-style-type:none}
|
|
#toc li{line-height:1.3334;margin-top:.3334em}
|
|
#toc a{text-decoration:none}
|
|
#toc a:active{text-decoration:underline}
|
|
#toctitle{color:#7a2518;font-size:1.2em}
|
|
@media screen and (min-width:768px){#toctitle{font-size:1.375em}
|
|
body.toc2{padding-left:15em;padding-right:0}
|
|
#toc.toc2{margin-top:0!important;background:#f8f8f7;position:fixed;width:15em;left:0;top:0;border-right:1px solid #e7e7e9;border-top-width:0!important;border-bottom-width:0!important;z-index:1000;padding:1.25em 1em;height:100%;overflow:auto}
|
|
#toc.toc2 #toctitle{margin-top:0;margin-bottom:.8rem;font-size:1.2em}
|
|
#toc.toc2>ul{font-size:.9em;margin-bottom:0}
|
|
#toc.toc2 ul ul{margin-left:0;padding-left:1em}
|
|
#toc.toc2 ul.sectlevel0 ul.sectlevel1{padding-left:0;margin-top:.5em;margin-bottom:.5em}
|
|
body.toc2.toc-right{padding-left:0;padding-right:15em}
|
|
body.toc2.toc-right #toc.toc2{border-right-width:0;border-left:1px solid #e7e7e9;left:auto;right:0}}
|
|
@media screen and (min-width:1280px){body.toc2{padding-left:20em;padding-right:0}
|
|
#toc.toc2{width:20em}
|
|
#toc.toc2 #toctitle{font-size:1.375em}
|
|
#toc.toc2>ul{font-size:.95em}
|
|
#toc.toc2 ul ul{padding-left:1.25em}
|
|
body.toc2.toc-right{padding-left:0;padding-right:20em}}
|
|
#content #toc{border:1px solid #e0e0dc;margin-bottom:1.25em;padding:1.25em;background:#f8f8f7;border-radius:4px}
|
|
#content #toc>:first-child{margin-top:0}
|
|
#content #toc>:last-child{margin-bottom:0}
|
|
#footer{max-width:none;background:rgba(0,0,0,.8);padding:1.25em}
|
|
#footer-text{color:hsla(0,0%,100%,.8);line-height:1.44}
|
|
#content{margin-bottom:.625em}
|
|
.sect1{padding-bottom:.625em}
|
|
@media screen and (min-width:768px){#content{margin-bottom:1.25em}
|
|
.sect1{padding-bottom:1.25em}}
|
|
.sect1:last-child{padding-bottom:0}
|
|
.sect1+.sect1{border-top:1px solid #e7e7e9}
|
|
#content h1>a.anchor,h2>a.anchor,h3>a.anchor,#toctitle>a.anchor,.sidebarblock>.content>.title>a.anchor,h4>a.anchor,h5>a.anchor,h6>a.anchor{position:absolute;z-index:1001;width:1.5ex;margin-left:-1.5ex;display:block;text-decoration:none!important;visibility:hidden;text-align:center;font-weight:400}
|
|
#content h1>a.anchor::before,h2>a.anchor::before,h3>a.anchor::before,#toctitle>a.anchor::before,.sidebarblock>.content>.title>a.anchor::before,h4>a.anchor::before,h5>a.anchor::before,h6>a.anchor::before{content:"\00A7";font-size:.85em;display:block;padding-top:.1em}
|
|
#content h1:hover>a.anchor,#content h1>a.anchor:hover,h2:hover>a.anchor,h2>a.anchor:hover,h3:hover>a.anchor,#toctitle:hover>a.anchor,.sidebarblock>.content>.title:hover>a.anchor,h3>a.anchor:hover,#toctitle>a.anchor:hover,.sidebarblock>.content>.title>a.anchor:hover,h4:hover>a.anchor,h4>a.anchor:hover,h5:hover>a.anchor,h5>a.anchor:hover,h6:hover>a.anchor,h6>a.anchor:hover{visibility:visible}
|
|
#content h1>a.link,h2>a.link,h3>a.link,#toctitle>a.link,.sidebarblock>.content>.title>a.link,h4>a.link,h5>a.link,h6>a.link{color:#ba3925;text-decoration:none}
|
|
#content h1>a.link:hover,h2>a.link:hover,h3>a.link:hover,#toctitle>a.link:hover,.sidebarblock>.content>.title>a.link:hover,h4>a.link:hover,h5>a.link:hover,h6>a.link:hover{color:#a53221}
|
|
details,.audioblock,.imageblock,.literalblock,.listingblock,.stemblock,.videoblock{margin-bottom:1.25em}
|
|
details{margin-left:1.25rem}
|
|
details>summary{cursor:pointer;display:block;position:relative;line-height:1.6;margin-bottom:.625rem;outline:none;-webkit-tap-highlight-color:transparent}
|
|
details>summary::-webkit-details-marker{display:none}
|
|
details>summary::before{content:"";border:solid transparent;border-left:solid;border-width:.3em 0 .3em .5em;position:absolute;top:.5em;left:-1.25rem;transform:translateX(15%)}
|
|
details[open]>summary::before{border:solid transparent;border-top:solid;border-width:.5em .3em 0;transform:translateY(15%)}
|
|
details>summary::after{content:"";width:1.25rem;height:1em;position:absolute;top:.3em;left:-1.25rem}
|
|
.admonitionblock td.content>.title,.audioblock>.title,.exampleblock>.title,.imageblock>.title,.listingblock>.title,.literalblock>.title,.stemblock>.title,.openblock>.title,.paragraph>.title,.quoteblock>.title,table.tableblock>.title,.verseblock>.title,.videoblock>.title,.dlist>.title,.olist>.title,.ulist>.title,.qlist>.title,.hdlist>.title{text-rendering:optimizeLegibility;text-align:left;font-family:"Noto Serif","DejaVu Serif",serif;font-size:1rem;font-style:italic}
|
|
table.tableblock.fit-content>caption.title{white-space:nowrap;width:0}
|
|
.paragraph.lead>p,#preamble>.sectionbody>[class=paragraph]:first-of-type p{font-size:1.21875em;line-height:1.6;color:rgba(0,0,0,.85)}
|
|
.admonitionblock>table{border-collapse:separate;border:0;background:none;width:100%}
|
|
.admonitionblock>table td.icon{text-align:center;width:80px}
|
|
.admonitionblock>table td.icon img{max-width:none}
|
|
.admonitionblock>table td.icon .title{font-weight:bold;font-family:"Open Sans","DejaVu Sans",sans-serif;text-transform:uppercase}
|
|
.admonitionblock>table td.content{padding-left:1.125em;padding-right:1.25em;border-left:1px solid #dddddf;color:rgba(0,0,0,.6);word-wrap:anywhere}
|
|
.admonitionblock>table td.content>:last-child>:last-child{margin-bottom:0}
|
|
.exampleblock>.content{border:1px solid #e6e6e6;margin-bottom:1.25em;padding:1.25em;background:#fff;border-radius:4px}
|
|
.exampleblock>.content>:first-child{margin-top:0}
|
|
.exampleblock>.content>:last-child{margin-bottom:0}
|
|
.sidebarblock{border:1px solid #dbdbd6;margin-bottom:1.25em;padding:1.25em;background:#f3f3f2;border-radius:4px}
|
|
.sidebarblock>:first-child{margin-top:0}
|
|
.sidebarblock>:last-child{margin-bottom:0}
|
|
.sidebarblock>.content>.title{color:#7a2518;margin-top:0;text-align:center}
|
|
.exampleblock>.content>:last-child>:last-child,.exampleblock>.content .olist>ol>li:last-child>:last-child,.exampleblock>.content .ulist>ul>li:last-child>:last-child,.exampleblock>.content .qlist>ol>li:last-child>:last-child,.sidebarblock>.content>:last-child>:last-child,.sidebarblock>.content .olist>ol>li:last-child>:last-child,.sidebarblock>.content .ulist>ul>li:last-child>:last-child,.sidebarblock>.content .qlist>ol>li:last-child>:last-child{margin-bottom:0}
|
|
.literalblock pre,.listingblock>.content>pre{border-radius:4px;overflow-x:auto;padding:1em;font-size:.8125em}
|
|
@media screen and (min-width:768px){.literalblock pre,.listingblock>.content>pre{font-size:.90625em}}
|
|
@media screen and (min-width:1280px){.literalblock pre,.listingblock>.content>pre{font-size:1em}}
|
|
.literalblock pre,.listingblock>.content>pre:not(.highlight),.listingblock>.content>pre[class=highlight],.listingblock>.content>pre[class^="highlight "]{background:#f7f7f8}
|
|
.literalblock.output pre{color:#f7f7f8;background:rgba(0,0,0,.9)}
|
|
.listingblock>.content{position:relative}
|
|
.listingblock code[data-lang]::before{display:none;content:attr(data-lang);position:absolute;font-size:.75em;top:.425rem;right:.5rem;line-height:1;text-transform:uppercase;color:inherit;opacity:.5}
|
|
.listingblock:hover code[data-lang]::before{display:block}
|
|
.listingblock.terminal pre .command::before{content:attr(data-prompt);padding-right:.5em;color:inherit;opacity:.5}
|
|
.listingblock.terminal pre .command:not([data-prompt])::before{content:"$"}
|
|
.listingblock pre.highlightjs{padding:0}
|
|
.listingblock pre.highlightjs>code{padding:1em;border-radius:4px}
|
|
.listingblock pre.prettyprint{border-width:0}
|
|
.prettyprint{background:#f7f7f8}
|
|
pre.prettyprint .linenums{line-height:1.45;margin-left:2em}
|
|
pre.prettyprint li{background:none;list-style-type:inherit;padding-left:0}
|
|
pre.prettyprint li code[data-lang]::before{opacity:1}
|
|
pre.prettyprint li:not(:first-child) code[data-lang]::before{display:none}
|
|
table.linenotable{border-collapse:separate;border:0;margin-bottom:0;background:none}
|
|
table.linenotable td[class]{color:inherit;vertical-align:top;padding:0;line-height:inherit;white-space:normal}
|
|
table.linenotable td.code{padding-left:.75em}
|
|
table.linenotable td.linenos,pre.pygments .linenos{border-right:1px solid;opacity:.35;padding-right:.5em;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}
|
|
pre.pygments span.linenos{display:inline-block;margin-right:.75em}
|
|
.quoteblock{margin:0 1em 1.25em 1.5em;display:table}
|
|
.quoteblock:not(.excerpt)>.title{margin-left:-1.5em;margin-bottom:.75em}
|
|
.quoteblock blockquote,.quoteblock p{color:rgba(0,0,0,.85);font-size:1.15rem;line-height:1.75;word-spacing:.1em;letter-spacing:0;font-style:italic;text-align:justify}
|
|
.quoteblock blockquote{margin:0;padding:0;border:0}
|
|
.quoteblock blockquote::before{content:"\201c";float:left;font-size:2.75em;font-weight:bold;line-height:.6em;margin-left:-.6em;color:#7a2518;text-shadow:0 1px 2px rgba(0,0,0,.1)}
|
|
.quoteblock blockquote>.paragraph:last-child p{margin-bottom:0}
|
|
.quoteblock .attribution{margin-top:.75em;margin-right:.5ex;text-align:right}
|
|
.verseblock{margin:0 1em 1.25em}
|
|
.verseblock pre{font-family:"Open Sans","DejaVu Sans",sans-serif;font-size:1.15rem;color:rgba(0,0,0,.85);font-weight:300;text-rendering:optimizeLegibility}
|
|
.verseblock pre strong{font-weight:400}
|
|
.verseblock .attribution{margin-top:1.25rem;margin-left:.5ex}
|
|
.quoteblock .attribution,.verseblock .attribution{font-size:.9375em;line-height:1.45;font-style:italic}
|
|
.quoteblock .attribution br,.verseblock .attribution br{display:none}
|
|
.quoteblock .attribution cite,.verseblock .attribution cite{display:block;letter-spacing:-.025em;color:rgba(0,0,0,.6)}
|
|
.quoteblock.abstract blockquote::before,.quoteblock.excerpt blockquote::before,.quoteblock .quoteblock blockquote::before{display:none}
|
|
.quoteblock.abstract blockquote,.quoteblock.abstract p,.quoteblock.excerpt blockquote,.quoteblock.excerpt p,.quoteblock .quoteblock blockquote,.quoteblock .quoteblock p{line-height:1.6;word-spacing:0}
|
|
.quoteblock.abstract{margin:0 1em 1.25em;display:block}
|
|
.quoteblock.abstract>.title{margin:0 0 .375em;font-size:1.15em;text-align:center}
|
|
.quoteblock.excerpt>blockquote,.quoteblock .quoteblock{padding:0 0 .25em 1em;border-left:.25em solid #dddddf}
|
|
.quoteblock.excerpt,.quoteblock .quoteblock{margin-left:0}
|
|
.quoteblock.excerpt blockquote,.quoteblock.excerpt p,.quoteblock .quoteblock blockquote,.quoteblock .quoteblock p{color:inherit;font-size:1.0625rem}
|
|
.quoteblock.excerpt .attribution,.quoteblock .quoteblock .attribution{color:inherit;font-size:.85rem;text-align:left;margin-right:0}
|
|
p.tableblock:last-child{margin-bottom:0}
|
|
td.tableblock>.content{margin-bottom:1.25em;word-wrap:anywhere}
|
|
td.tableblock>.content>:last-child{margin-bottom:-1.25em}
|
|
table.tableblock,th.tableblock,td.tableblock{border:0 solid #dedede}
|
|
table.grid-all>*>tr>*{border-width:1px}
|
|
table.grid-cols>*>tr>*{border-width:0 1px}
|
|
table.grid-rows>*>tr>*{border-width:1px 0}
|
|
table.frame-all{border-width:1px}
|
|
table.frame-ends{border-width:1px 0}
|
|
table.frame-sides{border-width:0 1px}
|
|
table.frame-none>colgroup+*>:first-child>*,table.frame-sides>colgroup+*>:first-child>*{border-top-width:0}
|
|
table.frame-none>:last-child>:last-child>*,table.frame-sides>:last-child>:last-child>*{border-bottom-width:0}
|
|
table.frame-none>*>tr>:first-child,table.frame-ends>*>tr>:first-child{border-left-width:0}
|
|
table.frame-none>*>tr>:last-child,table.frame-ends>*>tr>:last-child{border-right-width:0}
|
|
table.stripes-all>*>tr,table.stripes-odd>*>tr:nth-of-type(odd),table.stripes-even>*>tr:nth-of-type(even),table.stripes-hover>*>tr:hover{background:#f8f8f7}
|
|
th.halign-left,td.halign-left{text-align:left}
|
|
th.halign-right,td.halign-right{text-align:right}
|
|
th.halign-center,td.halign-center{text-align:center}
|
|
th.valign-top,td.valign-top{vertical-align:top}
|
|
th.valign-bottom,td.valign-bottom{vertical-align:bottom}
|
|
th.valign-middle,td.valign-middle{vertical-align:middle}
|
|
table thead th,table tfoot th{font-weight:bold}
|
|
tbody tr th{background:#f7f8f7}
|
|
tbody tr th,tbody tr th p,tfoot tr th,tfoot tr th p{color:rgba(0,0,0,.8);font-weight:bold}
|
|
p.tableblock>code:only-child{background:none;padding:0}
|
|
p.tableblock{font-size:1em}
|
|
ol{margin-left:1.75em}
|
|
ul li ol{margin-left:1.5em}
|
|
dl dd{margin-left:1.125em}
|
|
dl dd:last-child,dl dd:last-child>:last-child{margin-bottom:0}
|
|
li p,ul dd,ol dd,.olist .olist,.ulist .ulist,.ulist .olist,.olist .ulist{margin-bottom:.625em}
|
|
ul.checklist,ul.none,ol.none,ul.no-bullet,ol.no-bullet,ol.unnumbered,ul.unstyled,ol.unstyled{list-style-type:none}
|
|
ul.no-bullet,ol.no-bullet,ol.unnumbered{margin-left:.625em}
|
|
ul.unstyled,ol.unstyled{margin-left:0}
|
|
li>p:empty:only-child::before{content:"";display:inline-block}
|
|
ul.checklist>li>p:first-child{margin-left:-1em}
|
|
ul.checklist>li>p:first-child>.fa-square-o:first-child,ul.checklist>li>p:first-child>.fa-check-square-o:first-child{width:1.25em;font-size:.8em;position:relative;bottom:.125em}
|
|
ul.checklist>li>p:first-child>input[type=checkbox]:first-child{margin-right:.25em}
|
|
ul.inline{display:flex;flex-flow:row wrap;list-style:none;margin:0 0 .625em -1.25em}
|
|
ul.inline>li{margin-left:1.25em}
|
|
.unstyled dl dt{font-weight:400;font-style:normal}
|
|
ol.arabic{list-style-type:decimal}
|
|
ol.decimal{list-style-type:decimal-leading-zero}
|
|
ol.loweralpha{list-style-type:lower-alpha}
|
|
ol.upperalpha{list-style-type:upper-alpha}
|
|
ol.lowerroman{list-style-type:lower-roman}
|
|
ol.upperroman{list-style-type:upper-roman}
|
|
ol.lowergreek{list-style-type:lower-greek}
|
|
.hdlist>table,.colist>table{border:0;background:none}
|
|
.hdlist>table>tbody>tr,.colist>table>tbody>tr{background:none}
|
|
td.hdlist1,td.hdlist2{vertical-align:top;padding:0 .625em}
|
|
td.hdlist1{font-weight:bold;padding-bottom:1.25em}
|
|
td.hdlist2{word-wrap:anywhere}
|
|
.literalblock+.colist,.listingblock+.colist{margin-top:-.5em}
|
|
.colist td:not([class]):first-child{padding:.4em .75em 0;line-height:1;vertical-align:top}
|
|
.colist td:not([class]):first-child img{max-width:none}
|
|
.colist td:not([class]):last-child{padding:.25em 0}
|
|
.thumb,.th{line-height:0;display:inline-block;border:4px solid #fff;box-shadow:0 0 0 1px #ddd}
|
|
.imageblock.left{margin:.25em .625em 1.25em 0}
|
|
.imageblock.right{margin:.25em 0 1.25em .625em}
|
|
.imageblock>.title{margin-bottom:0}
|
|
.imageblock.thumb,.imageblock.th{border-width:6px}
|
|
.imageblock.thumb>.title,.imageblock.th>.title{padding:0 .125em}
|
|
.image.left,.image.right{margin-top:.25em;margin-bottom:.25em;display:inline-block;line-height:0}
|
|
.image.left{margin-right:.625em}
|
|
.image.right{margin-left:.625em}
|
|
a.image{text-decoration:none;display:inline-block}
|
|
a.image object{pointer-events:none}
|
|
sup.footnote,sup.footnoteref{font-size:.875em;position:static;vertical-align:super}
|
|
sup.footnote a,sup.footnoteref a{text-decoration:none}
|
|
sup.footnote a:active,sup.footnoteref a:active{text-decoration:underline}
|
|
#footnotes{padding-top:.75em;padding-bottom:.75em;margin-bottom:.625em}
|
|
#footnotes hr{width:20%;min-width:6.25em;margin:-.25em 0 .75em;border-width:1px 0 0}
|
|
#footnotes .footnote{padding:0 .375em 0 .225em;line-height:1.3334;font-size:.875em;margin-left:1.2em;margin-bottom:.2em}
|
|
#footnotes .footnote a:first-of-type{font-weight:bold;text-decoration:none;margin-left:-1.05em}
|
|
#footnotes .footnote:last-of-type{margin-bottom:0}
|
|
#content #footnotes{margin-top:-.625em;margin-bottom:0;padding:.75em 0}
|
|
div.unbreakable{page-break-inside:avoid}
|
|
.big{font-size:larger}
|
|
.small{font-size:smaller}
|
|
.underline{text-decoration:underline}
|
|
.overline{text-decoration:overline}
|
|
.line-through{text-decoration:line-through}
|
|
.aqua{color:#00bfbf}
|
|
.aqua-background{background:#00fafa}
|
|
.black{color:#000}
|
|
.black-background{background:#000}
|
|
.blue{color:#0000bf}
|
|
.blue-background{background:#0000fa}
|
|
.fuchsia{color:#bf00bf}
|
|
.fuchsia-background{background:#fa00fa}
|
|
.gray{color:#606060}
|
|
.gray-background{background:#7d7d7d}
|
|
.green{color:#006000}
|
|
.green-background{background:#007d00}
|
|
.lime{color:#00bf00}
|
|
.lime-background{background:#00fa00}
|
|
.maroon{color:#600000}
|
|
.maroon-background{background:#7d0000}
|
|
.navy{color:#000060}
|
|
.navy-background{background:#00007d}
|
|
.olive{color:#606000}
|
|
.olive-background{background:#7d7d00}
|
|
.purple{color:#600060}
|
|
.purple-background{background:#7d007d}
|
|
.red{color:#bf0000}
|
|
.red-background{background:#fa0000}
|
|
.silver{color:#909090}
|
|
.silver-background{background:#bcbcbc}
|
|
.teal{color:#006060}
|
|
.teal-background{background:#007d7d}
|
|
.white{color:#bfbfbf}
|
|
.white-background{background:#fafafa}
|
|
.yellow{color:#bfbf00}
|
|
.yellow-background{background:#fafa00}
|
|
span.icon>.fa{cursor:default}
|
|
a span.icon>.fa{cursor:inherit}
|
|
.admonitionblock td.icon [class^="fa icon-"]{font-size:2.5em;text-shadow:1px 1px 2px rgba(0,0,0,.5);cursor:default}
|
|
.admonitionblock td.icon .icon-note::before{content:"\f05a";color:#19407c}
|
|
.admonitionblock td.icon .icon-tip::before{content:"\f0eb";text-shadow:1px 1px 2px rgba(155,155,0,.8);color:#111}
|
|
.admonitionblock td.icon .icon-warning::before{content:"\f071";color:#bf6900}
|
|
.admonitionblock td.icon .icon-caution::before{content:"\f06d";color:#bf3400}
|
|
.admonitionblock td.icon .icon-important::before{content:"\f06a";color:#bf0000}
|
|
.conum[data-value]{display:inline-block;color:#fff!important;background:rgba(0,0,0,.8);border-radius:50%;text-align:center;font-size:.75em;width:1.67em;height:1.67em;line-height:1.67em;font-family:"Open Sans","DejaVu Sans",sans-serif;font-style:normal;font-weight:bold}
|
|
.conum[data-value] *{color:#fff!important}
|
|
.conum[data-value]+b{display:none}
|
|
.conum[data-value]::after{content:attr(data-value)}
|
|
pre .conum[data-value]{position:relative;top:-.125em}
|
|
b.conum *{color:inherit!important}
|
|
.conum:not([data-value]):empty{display:none}
|
|
dt,th.tableblock,td.content,div.footnote{text-rendering:optimizeLegibility}
|
|
h1,h2,p,td.content,span.alt,summary{letter-spacing:-.01em}
|
|
p strong,td.content strong,div.footnote strong{letter-spacing:-.005em}
|
|
p,blockquote,dt,td.content,span.alt,summary{font-size:1.0625rem}
|
|
p{margin-bottom:1.25rem}
|
|
.sidebarblock p,.sidebarblock dt,.sidebarblock td.content,p.tableblock{font-size:1em}
|
|
.exampleblock>.content{background:#fffef7;border-color:#e0e0dc;box-shadow:0 1px 4px #e0e0dc}
|
|
.print-only{display:none!important}
|
|
@page{margin:1.25cm .75cm}
|
|
@media print{*{box-shadow:none!important;text-shadow:none!important}
|
|
html{font-size:80%}
|
|
a{color:inherit!important;text-decoration:underline!important}
|
|
a.bare,a[href^="#"],a[href^="mailto:"]{text-decoration:none!important}
|
|
a[href^="http:"]:not(.bare)::after,a[href^="https:"]:not(.bare)::after{content:"(" attr(href) ")";display:inline-block;font-size:.875em;padding-left:.25em}
|
|
abbr[title]{border-bottom:1px dotted}
|
|
abbr[title]::after{content:" (" attr(title) ")"}
|
|
pre,blockquote,tr,img,object,svg{page-break-inside:avoid}
|
|
thead{display:table-header-group}
|
|
svg{max-width:100%}
|
|
p,blockquote,dt,td.content{font-size:1em;orphans:3;widows:3}
|
|
h2,h3,#toctitle,.sidebarblock>.content>.title{page-break-after:avoid}
|
|
#header,#content,#footnotes,#footer{max-width:none}
|
|
#toc,.sidebarblock,.exampleblock>.content{background:none!important}
|
|
#toc{border-bottom:1px solid #dddddf!important;padding-bottom:0!important}
|
|
body.book #header{text-align:center}
|
|
body.book #header>h1:first-child{border:0!important;margin:2.5em 0 1em}
|
|
body.book #header .details{border:0!important;display:block;padding:0!important}
|
|
body.book #header .details span:first-child{margin-left:0!important}
|
|
body.book #header .details br{display:block}
|
|
body.book #header .details br+span::before{content:none!important}
|
|
body.book #toc{border:0!important;text-align:left!important;padding:0!important;margin:0!important}
|
|
body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-break-before:always}
|
|
.listingblock code[data-lang]::before{display:block}
|
|
#footer{padding:0 .9375em}
|
|
.hide-on-print{display:none!important}
|
|
.print-only{display:block!important}
|
|
.hide-for-print{display:none!important}
|
|
.show-for-print{display:inherit!important}}
|
|
@media amzn-kf8,print{#header>h1:first-child{margin-top:1.25rem}
|
|
.sect1{padding:0!important}
|
|
.sect1+.sect1{border:0}
|
|
#footer{background:none}
|
|
#footer-text{color:rgba(0,0,0,.6);font-size:.9em}}
|
|
@media amzn-kf8{#header,#content,#footnotes,#footer{padding:0}}
|
|
</style>
|
|
<style>
|
|
pre.rouge table td { padding: 5px; }
|
|
pre.rouge table pre { margin: 0; }
|
|
pre.rouge .cm {
|
|
color: #999988;
|
|
font-style: italic;
|
|
}
|
|
pre.rouge .cp {
|
|
color: #999999;
|
|
font-weight: bold;
|
|
}
|
|
pre.rouge .c1 {
|
|
color: #999988;
|
|
font-style: italic;
|
|
}
|
|
pre.rouge .cs {
|
|
color: #999999;
|
|
font-weight: bold;
|
|
font-style: italic;
|
|
}
|
|
pre.rouge .c, pre.rouge .ch, pre.rouge .cd, pre.rouge .cpf {
|
|
color: #999988;
|
|
font-style: italic;
|
|
}
|
|
pre.rouge .err {
|
|
color: #a61717;
|
|
background-color: #e3d2d2;
|
|
}
|
|
pre.rouge .gd {
|
|
color: #000000;
|
|
background-color: #ffdddd;
|
|
}
|
|
pre.rouge .ge {
|
|
color: #000000;
|
|
font-style: italic;
|
|
}
|
|
pre.rouge .gr {
|
|
color: #aa0000;
|
|
}
|
|
pre.rouge .gh {
|
|
color: #999999;
|
|
}
|
|
pre.rouge .gi {
|
|
color: #000000;
|
|
background-color: #ddffdd;
|
|
}
|
|
pre.rouge .go {
|
|
color: #888888;
|
|
}
|
|
pre.rouge .gp {
|
|
color: #555555;
|
|
}
|
|
pre.rouge .gs {
|
|
font-weight: bold;
|
|
}
|
|
pre.rouge .gu {
|
|
color: #aaaaaa;
|
|
}
|
|
pre.rouge .gt {
|
|
color: #aa0000;
|
|
}
|
|
pre.rouge .kc {
|
|
color: #000000;
|
|
font-weight: bold;
|
|
}
|
|
pre.rouge .kd {
|
|
color: #000000;
|
|
font-weight: bold;
|
|
}
|
|
pre.rouge .kn {
|
|
color: #000000;
|
|
font-weight: bold;
|
|
}
|
|
pre.rouge .kp {
|
|
color: #000000;
|
|
font-weight: bold;
|
|
}
|
|
pre.rouge .kr {
|
|
color: #000000;
|
|
font-weight: bold;
|
|
}
|
|
pre.rouge .kt {
|
|
color: #445588;
|
|
font-weight: bold;
|
|
}
|
|
pre.rouge .k, pre.rouge .kv {
|
|
color: #000000;
|
|
font-weight: bold;
|
|
}
|
|
pre.rouge .mf {
|
|
color: #009999;
|
|
}
|
|
pre.rouge .mh {
|
|
color: #009999;
|
|
}
|
|
pre.rouge .il {
|
|
color: #009999;
|
|
}
|
|
pre.rouge .mi {
|
|
color: #009999;
|
|
}
|
|
pre.rouge .mo {
|
|
color: #009999;
|
|
}
|
|
pre.rouge .m, pre.rouge .mb, pre.rouge .mx {
|
|
color: #009999;
|
|
}
|
|
pre.rouge .sa {
|
|
color: #000000;
|
|
font-weight: bold;
|
|
}
|
|
pre.rouge .sb {
|
|
color: #d14;
|
|
}
|
|
pre.rouge .sc {
|
|
color: #d14;
|
|
}
|
|
pre.rouge .sd {
|
|
color: #d14;
|
|
}
|
|
pre.rouge .s2 {
|
|
color: #d14;
|
|
}
|
|
pre.rouge .se {
|
|
color: #d14;
|
|
}
|
|
pre.rouge .sh {
|
|
color: #d14;
|
|
}
|
|
pre.rouge .si {
|
|
color: #d14;
|
|
}
|
|
pre.rouge .sx {
|
|
color: #d14;
|
|
}
|
|
pre.rouge .sr {
|
|
color: #009926;
|
|
}
|
|
pre.rouge .s1 {
|
|
color: #d14;
|
|
}
|
|
pre.rouge .ss {
|
|
color: #990073;
|
|
}
|
|
pre.rouge .s, pre.rouge .dl {
|
|
color: #d14;
|
|
}
|
|
pre.rouge .na {
|
|
color: #008080;
|
|
}
|
|
pre.rouge .bp {
|
|
color: #999999;
|
|
}
|
|
pre.rouge .nb {
|
|
color: #0086B3;
|
|
}
|
|
pre.rouge .nc {
|
|
color: #445588;
|
|
font-weight: bold;
|
|
}
|
|
pre.rouge .no {
|
|
color: #008080;
|
|
}
|
|
pre.rouge .nd {
|
|
color: #3c5d5d;
|
|
font-weight: bold;
|
|
}
|
|
pre.rouge .ni {
|
|
color: #800080;
|
|
}
|
|
pre.rouge .ne {
|
|
color: #990000;
|
|
font-weight: bold;
|
|
}
|
|
pre.rouge .nf, pre.rouge .fm {
|
|
color: #990000;
|
|
font-weight: bold;
|
|
}
|
|
pre.rouge .nl {
|
|
color: #990000;
|
|
font-weight: bold;
|
|
}
|
|
pre.rouge .nn {
|
|
color: #555555;
|
|
}
|
|
pre.rouge .nt {
|
|
color: #000080;
|
|
}
|
|
pre.rouge .vc {
|
|
color: #008080;
|
|
}
|
|
pre.rouge .vg {
|
|
color: #008080;
|
|
}
|
|
pre.rouge .vi {
|
|
color: #008080;
|
|
}
|
|
pre.rouge .nv, pre.rouge .vm {
|
|
color: #008080;
|
|
}
|
|
pre.rouge .ow {
|
|
color: #000000;
|
|
font-weight: bold;
|
|
}
|
|
pre.rouge .o {
|
|
color: #000000;
|
|
font-weight: bold;
|
|
}
|
|
pre.rouge .w {
|
|
color: #bbbbbb;
|
|
}
|
|
pre.rouge {
|
|
background-color: #f8f8f8;
|
|
}
|
|
</style>
|
|
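<!-- https://stackoverflow.com/a/34481639 -->
<!-- Generate a nice TOC -->
<!--
  NOTE(review): these three scripts come from third-party CDNs without a Subresource
  Integrity pin, so the page executes whatever those hosts serve. Add an integrity
  attribute computed from a vetted copy of each file, or self-host the files.
  crossorigin="anonymous" is required for SRI and keeps credentials off the request;
  referrerpolicy="no-referrer" stops this document's URL being sent to the CDNs.
  jQuery 1.11.3 and jQuery UI 1.11.4 are old releases: confirm tocify works with a
  currently maintained jQuery and upgrade.
-->
<script src="https://code.jquery.com/jquery-1.11.3.min.js" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<script src="https://code.jquery.com/ui/1.11.4/jquery-ui.min.js" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery.tocify/1.9.0/javascripts/jquery.tocify.min.js" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<!-- We do not need the tocify CSS because the asciidoc CSS already provides most of what we need -->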
|
|
|
|
<style>
|
|
.tocify-header {
|
|
font-style: italic;
|
|
}
|
|
|
|
.tocify-subheader {
|
|
font-style: normal;
|
|
font-size: 90%;
|
|
}
|
|
|
|
.tocify ul {
|
|
margin: 0;
|
|
}
|
|
|
|
.tocify-focus {
|
|
color: #7a2518;
|
|
background-color: rgba(0, 0, 0, 0.1);
|
|
}
|
|
|
|
.tocify-focus > a {
|
|
color: #7a2518;
|
|
}
|
|
</style>
|
|
|
|
<script type="text/javascript">
|
|
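// Runs once the DOM is ready: builds a tocify table of contents inside the existing
// Asciidoctor #toc element, then switches between it and the static TOC on resize.
$(function () {
  // Add a new container for the tocify toc into the existing toc so we can re-use its
  // styling
  $("#toc").append("<div id='generated-toc'></div>");

  $("#generated-toc").tocify({
    extendPage: true,
    context: "#content",
    highlightOnScroll: true,
    hideEffect: "slideUp",
    // Use the IDs that asciidoc already provides so that TOC links and intra-document
    // links are the same. Anything else might confuse users when they create bookmarks.
    hashGenerator: function (text, element) {
      return $(element).attr("id");
    },
    // Smooth scrolling doesn't work properly if we use the asciidoc IDs
    smoothScroll: false,
    // Set to 'none' to use the tocify classes
    theme: "none",
    // Handle book (may contain h1) and article (only h2 deeper).
    // .length replaces .size(), which jQuery deprecated in 1.8 and removed in 3.0, so this
    // line keeps working when the page moves to a newer jQuery.
    selectors: $("#content").has("h1").length > 0 ? "h1,h2,h3,h4,h5" : "h2,h3,h4,h5",
    ignoreSelector: ".discrete"
  });

  // Switch between static asciidoc toc and dynamic tocify toc based on browser size
  // This is set to match the media selectors in the asciidoc CSS
  // Without this, we keep the dynamic toc even if it is moved from the side to preamble
  // position which will cause odd scrolling behavior
  var handleTocOnResize = function () {
    // Below 768px show the static TOC lists; at or above it show the generated one.
    var narrow = $(document).width() < 768;
    $("#generated-toc").toggle(!narrow);
    $(".sectlevel0, .sectlevel1").toggle(narrow);
  };

  $(window).resize(handleTocOnResize);
  handleTocOnResize();
});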
|
|
</script>
|
|
|
|
</head>
|
|
<body class="book toc2 toc-left">
|
|
<div id="header">
|
|
<h1>OpenSSH Key Structure Guide</h1>
|
|
<div class="details">
|
|
<span id="author" class="author">brent saner &lt;bts@square-r00t.net&gt;, https://r00t2.io</span><br>
|
|
<span id="revdate">Last updated 2022-04-29 02:49:33 -0400</span>
|
|
</div>
|
|
<div id="toc" class="toc2">
|
|
<div id="toctitle">Table of Contents</div>
|
|
<ul class="sectlevel1">
|
|
<li><a href="#purpose">1. Purpose</a></li>
|
|
<li><a href="#basic_introduction">2. Basic Introduction</a>
|
|
<ul class="sectlevel2">
|
|
<li><a href="#legacy">2.1. Legacy</a>
|
|
<ul class="sectlevel3">
|
|
<li><a href="#private_keys">2.1.1. Private Keys</a></li>
|
|
<li><a href="#public_keys">2.1.2. Public Keys</a></li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#new_v1_format">2.2. New "v1" Format</a>
|
|
<ul class="sectlevel3">
|
|
<li><a href="#private_keys_2">2.2.1. Private Keys</a></li>
|
|
<li><a href="#public_keys_2">2.2.2. Public Keys</a></li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#keytype_specific_breakdowns">3. Keytype-Specific Breakdowns</a>
|
|
<ul class="sectlevel2">
|
|
<li><a href="#rsa">3.1. RSA</a>
|
|
<ul class="sectlevel3">
|
|
<li><a href="#public">3.1.1. Public</a>
|
|
<ul class="sectlevel4">
|
|
<li><a href="#structure">3.1.1.1. Structure</a></li>
|
|
<li><a href="#example">3.1.1.2. Example</a></li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#private">3.1.2. Private</a>
|
|
<ul class="sectlevel4">
|
|
<li><a href="#legacy_plain">3.1.2.1. Legacy (Plain)</a>
|
|
<ul class="sectlevel5">
|
|
<li><a href="#struct_rsa_plain_legacy">3.1.2.1.1. Structure</a></li>
|
|
<li><a href="#bytes_rsa_plain_legacy">3.1.2.1.2. Example</a></li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#legacy_encrypted">3.1.2.2. Legacy (Encrypted)</a>
|
|
<ul class="sectlevel5">
|
|
<li><a href="#struct_rsa_crypt_legacy">3.1.2.2.1. Structure</a></li>
|
|
<li><a href="#bytes_rsa_crypt_legacy">3.1.2.2.2. Example</a></li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#v1_plain">3.1.2.3. v1 (Plain)</a>
|
|
<ul class="sectlevel5">
|
|
<li><a href="#struct_rsa_plain">3.1.2.3.1. Structure</a></li>
|
|
<li><a href="#bytes_rsa_plain">3.1.2.3.2. Example</a></li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#v1_encrypted">3.1.2.4. v1 (Encrypted)</a>
|
|
<ul class="sectlevel5">
|
|
<li><a href="#struct_rsa_crypt">3.1.2.4.1. Structure</a></li>
|
|
<li><a href="#bytes_rsa_crypt">3.1.2.4.2. Example</a></li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#ed25519">3.2. ED25519</a>
|
|
<ul class="sectlevel3">
|
|
<li><a href="#public_2">3.2.1. Public</a>
|
|
<ul class="sectlevel4">
|
|
<li><a href="#structure_2">3.2.1.1. Structure</a></li>
|
|
<li><a href="#example_2">3.2.1.2. Example</a></li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#private_2">3.2.2. Private</a>
|
|
<ul class="sectlevel4">
|
|
<li><a href="#legacy_2">3.2.2.1. Legacy</a></li>
|
|
<li><a href="#v1_plain_2">3.2.2.2. v1 (Plain)</a>
|
|
<ul class="sectlevel5">
|
|
<li><a href="#struct_ed25519_plain">3.2.2.2.1. Structure</a></li>
|
|
<li><a href="#bytes_ed25519_plain">3.2.2.2.2. Example</a></li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#v1_encrypted_2">3.2.2.3. v1 (Encrypted)</a>
|
|
<ul class="sectlevel5">
|
|
<li><a href="#struct_ed25519_crypt">3.2.2.3.1. Structure</a></li>
|
|
<li><a href="#bytes_ed25519_crypt">3.2.2.3.2. Example</a></li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</div>
|
|
</div>
|
|
<div id="content">
|
|
<div class="sect1">
|
|
<h2 id="purpose"><a class="link" href="#purpose">1. Purpose</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>This document attempts to present a much more detailed, thorough, and easily-understood form of the key formats used by OpenSSH. The extent of those formats' canonical documentation is <a href="https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key" target="_blank" rel="noopener">the OpenSSH source tree’s <code>PROTOCOL.key</code></a>, which is a little lacking.</p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="basic_introduction"><a class="link" href="#basic_introduction">2. Basic Introduction</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="sect2">
|
|
<h3 id="legacy"><a class="link" href="#legacy">2.1. Legacy</a></h3>
|
|
<div class="sect3">
|
|
<h4 id="private_keys"><a class="link" href="#private_keys">2.1.1. Private Keys</a></h4>
|
|
<div class="paragraph">
|
|
<p>In OpenSSH pre-7.8, private keys are stored in their respective PEM encoding<sup class="footnote">[<a id="_footnoteref_1" class="footnote" href="#_footnotedef_1" title="View footnote.">1</a>]</sup> with no modification. These legacy private keys should be entirely usable by OpenSSL/LibreSSL/GnuTLS etc. natively with no conversion necessary.</p>
|
|
</div>
|
|
</div>
|
|
<div class="sect3">
|
|
<h4 id="public_keys"><a class="link" href="#public_keys">2.1.2. Public Keys</a></h4>
|
|
<div class="paragraph">
|
|
<p>Each public key <strong>file</strong> (<code>*.pub</code>) is written out in the following format:</p>
|
|
</div>
|
|
<div class="literalblock">
|
|
<div class="content">
|
|
<pre>A B C</pre>
|
|
</div>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p>Where:</p>
|
|
</div>
|
|
<div class="dlist">
|
|
<dl>
|
|
<dt class="hdlist1">A</dt>
|
|
<dd>
|
|
<p>The key type (e.g. <code>ssh-rsa</code>, <code>ssh-ed25519</code>, etc.)</p>
|
|
</dd>
|
|
<dt class="hdlist1">B</dt>
|
|
<dd>
|
|
<p>The public key itself, Base64<sup class="footnote">[<a id="_footnoteref_2" class="footnote" href="#_footnotedef_2" title="View footnote.">2</a>]</sup>-encoded</p>
|
|
</dd>
|
|
<dt class="hdlist1">C</dt>
|
|
<dd>
|
|
<p>The key’s comment</p>
|
|
</dd>
|
|
</dl>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p>The structures specified in the breakdowns later in this document describe the <em>decoded</em> version of <strong>B</strong> <strong><em>only</em></strong>. They are specific to each keytype and format version starting with item <code>2.0</code>.</p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="sect2">
|
|
<h3 id="new_v1_format"><a class="link" href="#new_v1_format">2.2. New "v1" Format</a></h3>
|
|
<div class="sect3">
|
|
<h4 id="private_keys_2"><a class="link" href="#private_keys_2">2.2.1. Private Keys</a></h4>
|
|
<div class="paragraph">
|
|
<p>Private key structures have been retooled in the "v1" format. In recent OpenSSH versions, all new keys use the v1 format. They are no longer in a straight PEM-compatible format.</p>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p>Refer to <a href="https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key" target="_blank" rel="noopener"><code>PROTOCOL.key</code></a> for a (very) general description, or each key’s specific breakdown for more detailed information.</p>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p>The v1 format offers several benefits over the legacy format, including:</p>
|
|
</div>
|
|
<div class="ulist">
|
|
<ul>
|
|
<li>
|
|
<p>customizable key derivation and encryption ciphers for encrypted private keys</p>
|
|
</li>
|
|
<li>
|
|
<p>embedded comments</p>
|
|
</li>
|
|
<li>
|
|
<p>embedded public key (no need to derive from the private key)</p>
|
|
</li>
|
|
<li>
|
|
<p>"checksumming" to confirm proper decryption for encrypted keys</p>
|
|
</li>
|
|
</ul>
|
|
</div>
|
|
</div>
|
|
<div class="sect3">
|
|
<h4 id="public_keys_2"><a class="link" href="#public_keys_2">2.2.2. Public Keys</a></h4>
|
|
<div class="paragraph">
|
|
<p>All public keys in v1 continue to use the same packed binary format as <a href="#public_keys">the legacy format</a>.</p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="keytype_specific_breakdowns"><a class="link" href="#keytype_specific_breakdowns">3. Keytype-Specific Breakdowns</a></h2>
|
|
<div class="sectionbody">
|
|
<div class="sect2">
|
|
<h3 id="rsa"><a class="link" href="#rsa">3.1. RSA</a></h3>
|
|
<div class="paragraph">
|
|
<p>RSA<sup class="footnote">[<a id="_footnoteref_3" class="footnote" href="#_footnotedef_3" title="View footnote.">3</a>]</sup> is a widely-supported public-key cryptosystem. It is ubiquitous, but it is recommended to use newer systems (e.g. ED25519) for OpenSSH if all clients and destinations support them.</p>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p>The key structures have references to the RSA notations in single quotes. You can find these enumerated in <a href="https://datatracker.ietf.org/doc/html/rfc8017#section-2">RFC 8017 § 2</a> or <a href="https://datatracker.ietf.org/doc/html/rfc8017#section-3.2" target="_blank" rel="noopener">RFC 8017 § 3.2</a>. See also the <a href="https://en.wikipedia.org/wiki/RSA_(cryptosystem)#Key_generation" target="_blank" rel="noopener">Wikipedia article</a>.</p>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p>It is <strong>highly</strong> recommended to use 4096-bit RSA if using RSA keys.</p>
|
|
</div>
|
|
<div class="sect3">
|
|
<h4 id="public"><a class="link" href="#public">3.1.1. Public</a></h4>
|
|
<div class="sect4">
|
|
<h5 id="structure"><a class="link" href="#structure">3.1.1.1. Structure</a></h5>
|
|
<div class="paragraph">
|
|
<p>Public keys are stored in the following structure:</p>
|
|
</div>
|
|
<div class="listingblock">
|
|
<div class="title">Key Structure</div>
|
|
<div class="content">
|
|
<pre class="rouge highlight"><code data-lang="text"><table class="linenotable"><tbody><tr><td class="linenos gl"><pre class="lineno">1
|
|
2
|
|
3
|
|
4
|
|
5
|
|
6
|
|
</pre></td><td class="code"><pre>0 uint32 allocator for 0.0 (4 bytes)
|
|
0.0 Public key type string (ASCII bytes)
|
|
1 uint32 allocator for 1.0 (4 bytes)
|
|
1.0 Public exponent ('e') (hex numeric)
|
|
2 uint32 allocator for 2.0 (4 bytes)
|
|
2.0 modulus ('n') (bytes)
|
|
</pre></td></tr></tbody></table></code></pre>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="sect4">
|
|
<h5 id="example"><a class="link" href="#example">3.1.1.2. Example</a></h5>
|
|
<div class="listingblock">
|
|
<div class="title"><code>.pub</code> format</div>
|
|
<div class="content">
|
|
<pre class="rouge highlight"><code data-lang="text"><table class="linenotable"><tbody><tr><td class="linenos gl"><pre class="lineno">1
|
|
</pre></td><td class="code"><pre>ssh-rsa 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 This is a comment string
|
|
</pre></td></tr></tbody></table></code></pre>
|
|
</div>
|
|
</div>
|
|
<div class="listingblock">
|
|
<div class="title">Structure Reference (Hex) (Decoded Base64 component only; <code>AAA…​PBw==</code>)</div>
|
|
<div class="content">
|
|
<pre class="rouge highlight"><code data-lang="text"><table class="linenotable"><tbody><tr><td class="linenos gl"><pre class="lineno"> 1
|
|
2
|
|
3
|
|
4
|
|
5
|
|
6
|
|
7
|
|
8
|
|
9
|
|
10
|
|
11
|
|
12
|
|
13
|
|
14
|
|
15
|
|
16
|
|
17
|
|
18
|
|
19
|
|
20
|
|
21
|
|
22
|
|
</pre></td><td class="code"><pre>0 00000007 (7)
|
|
0.0 7373682d727361 ("ssh-rsa")
|
|
1 00000003 (3)
|
|
1.0 010001 (65537)
|
|
2 00000201 (513)
|
|
2.0 00b7cec04601ce2a12f0c924cb9a30eb990066812cb14369193f30b2b9fdd4af
|
|
cb300c918f2a77d64410f3617ae7c8ca318c257d3c4df4e2c4108bbbe93a8689
|
|
4ba14b3575f2f72150bc381dcbfb742c7a196866fd3184ace96761adda0fc299
|
|
2f6c866d7569919fc22d9c4bf0de405a8c76d519aa2a5329dc6825777229a5d0
|
|
b753a7825a89b95275f9c025e215343c6c88cd6690a221f8ae9ef675ee464dc7
|
|
d118da410507ea5d6b6489dd60afd8a6646492db3e279f1a78240db8abbda6c5
|
|
0714c9636650a72081e7fa5d472c1428b07eae5d15b64ea1e2a7508512fe9ab6
|
|
55f86a313486d3cca1dd8e90acc5c9fba4d6e767507fbab9f3a7f68c748142af
|
|
2a3701d31a8a9b7511958aa77187ba702ed934d385afcee42380e95e0e7e9bc0
|
|
f4d23367fc770374167b7f0926fb6fdb6d05aad1cfd191824845b014e18153bf
|
|
0d1d3c3b1fadbb25a3f1d151f9b684633d8c1690fcd8cad05aac2aeb23dbf19a
|
|
37e480a008910319c116d47bd924b39942543b88a0f6127952b2d8e1290f3029
|
|
f542aebe9c0c8e36cf3296865cd6643c8924d566ebf4971809399a1ac096fe1e
|
|
dc3b5f871bf5ef0b4d44e0ea27620d205142e0bfcf677b4db025532121a3f074
|
|
5aa4d0586331733257855a5cecbe3ac4403d04ff0cc0c58b7c04904b402125c2
|
|
bc2a63a20ebb309cc6f3e65db301a058b8dace07e71b38f3f3595433f69b198f
|
|
07 (bytes)
|
|
</pre></td></tr></tbody></table></code></pre>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="sect3">
|
|
<h4 id="private"><a class="link" href="#private">3.1.2. Private</a></h4>
|
|
<div class="sect4">
|
|
<h5 id="legacy_plain"><a class="link" href="#legacy_plain">3.1.2.1. Legacy (Plain)</a></h5>
|
|
<div class="sect5">
|
|
<h6 id="struct_rsa_plain_legacy"><a class="link" href="#struct_rsa_plain_legacy">3.1.2.1.1. Structure</a></h6>
|
|
<div class="paragraph">
|
|
<p>Legacy private keys are encoded in standard RSA PEM format (<a href="https://datatracker.ietf.org/doc/html/rfc7468" target="_blank" rel="noopener">RFC 7468</a> § <a href="https://datatracker.ietf.org/doc/html/rfc7468#section-10" target="_blank" rel="noopener">10</a>, <a href="https://datatracker.ietf.org/doc/html/rfc3447#appendix-A" target="_blank" rel="noopener">RFC 3447 Appendix A</a>).</p>
|
|
</div>
|
|
</div>
|
|
<div class="sect5">
|
|
<h6 id="bytes_rsa_plain_legacy"><a class="link" href="#bytes_rsa_plain_legacy">3.1.2.1.2. Example</a></h6>
|
|
<div class="listingblock">
|
|
<div class="content">
|
|
<pre class="rouge highlight"><code data-lang="text"><table class="linenotable"><tbody><tr><td class="linenos gl"><pre class="lineno"> 1
|
|
2
|
|
3
|
|
4
|
|
5
|
|
6
|
|
7
|
|
8
|
|
9
|
|
10
|
|
11
|
|
12
|
|
13
|
|
14
|
|
15
|
|
16
|
|
17
|
|
18
|
|
19
|
|
20
|
|
21
|
|
22
|
|
23
|
|
24
|
|
25
|
|
26
|
|
27
|
|
28
|
|
29
|
|
30
|
|
31
|
|
32
|
|
33
|
|
34
|
|
35
|
|
36
|
|
37
|
|
38
|
|
39
|
|
40
|
|
41
|
|
42
|
|
43
|
|
44
|
|
45
|
|
46
|
|
47
|
|
48
|
|
49
|
|
50
|
|
51
|
|
</pre></td><td class="code"><pre>-----BEGIN RSA PRIVATE KEY-----
|
|
MIIJKAIBAAKCAgEA0cey1didD//oq66foKO2IUqFAl0+EF9nMiDfu4LTM4SSoajP
|
|
Q02jewKP/GW9M7eFcDNf3UC5BUNkWym7uNzT6JlkKREZpe6AFsl4hNIfN+uoZSXA
|
|
5vUsqCW29+6lNALMwAHS835cMZPg2IIPQW21nudsMUH0+U4npwfc5jRButoxYnOT
|
|
LwbpTsDE8L1SXQdNojdfBQ/Ftk+mMr2E+boFv38lQMksfvY9nNhp5JKklyrmQtGv
|
|
2M1ChJXHKMCkspKpuIvM6ORIp5FMLmLpe1HR5HpxVFKGjCQaRhtwRnUrY69LhyEc
|
|
XtTt2O6OuiwFZbMcOTVSkGJUZ3qDKvRT9V4LA1WAvIKIqwkwNPoGdv8lVBgNL17c
|
|
32GTtb3eGg3zYl9pJu1bsofnm8KGrKGYG0qBWjSdKcpGLRvbPj3d0m0YPk1smCid
|
|
XnGCyzrG3gpMy0DS5SAyUl585rmfx/HJFtfSbhQTOR3lT1AMYRNNDej+pWX9ZAQC
|
|
82mnIdRLIXQL60BPLX/xRjHWva+0s3arfNhB1F0gxJWdMwCU7Fsd7M0m4bL519pt
|
|
t+fwnGgoEjOGDaiPzfARfi/IZ90npNmAS9WoDt94/uQdbGWXA9naww41z2IcuY5V
|
|
uPqeJkyqflA49GnYyiJz273fh3EnDqdudBTqAMZnUsRW/nJoNi64GldfXv0CAwEA
|
|
AQKCAgAldEcswRkBw0oSZQIhFzmsZfarfmRXXgE5xP7NJsV4nEHl1RL0TEdU7hcx
|
|
FCUct7Z+Wt3Rzf16wBaJ5ECc9+hpzgFBB8mRg6yg5OW8qRtjy5JsRLpVQg7wEpPB
|
|
Xn1mdN2Dpo+4Y6YoP+PUJBx/LQxRS7ZYcRNA88BGpTO+cjQOHWjV0BbGPbCoG+jN
|
|
pq+u5l/pB4PSjodZTo043/d+8sSV9Sh8ka59GI/VkhoN8lSqnMExyuhfh/5JV8iQ
|
|
MRz2uRLOXT9/kUqbiGiWm5heKTSVW3sid/2HxeZfAAUiv0a47JJKlRHQqKmyop0f
|
|
Bj8Mclcmq6uLFdNGCmyi3a6jz1+drKPovO8H9ZTKx7sujxbR1lIC1BPfzFQ1LzjT
|
|
A+n1Yp0gR9LA83TnzysGiYpl2MJYijbB8FPbXdJOMBNO63Jrr0DrF0VdI6Vf9GbA
|
|
HAmz+IbPD+ZTZNktzpv1MmTE+4W/7E/i22KwpJy+/6RYpkDCu3vTKS4L46BQsN4W
|
|
Gm2EL+kdzzmyCog3Vi6b0JRNd0dlKdZQKBanGtm4m3vx6PGhQFt0OZYu/QxDlLuK
|
|
YhlKDIpBdZTTL/PIk4xx89X826fm2DT3ZSK652YCiU35nO1VqU+hKl4gA1dhp4DN
|
|
/wg4LGFtwVhcwr1NyAC+nsFVTYU9Wszl+qpMOK/kKy7WH1K8rQKCAQEA/wXLJPeL
|
|
e3QG0E7TlMmOxq2yUFhu7WMybmhW5z3su9jHNxZ2qEP7Vzer4LiQNmnJiNKFQ8El
|
|
fjywSHINW1+OJXs3M6W3vQLw03XfYt69X2kC9uhooo0/xj8++YhVL4pmI9K7uI0Y
|
|
IkFI2I9rsV6rb7tiKdeFW9NK9AoGp5StSwrVWvgPLwWl4ipVvZhDcRK2VsD8DqNU
|
|
5QwX5l+wnFlR77XIi7c73UwbEictp7ZGwpDDVT7EBJRhruaybRoIGKHX4etJXPGz
|
|
J2L/YQII4H44e7L00qTvfpxNHcdaqqIdZ/Rn3hKqoQBa1lZJf3WjDq70lq26aJwC
|
|
h34COSjbwKM/HwKCAQEA0pWEU54DE4ybznDxUZsLgD1xPYpqMTKO6yAJijwMobFv
|
|
Py9nc25vK0u6RT1It7eIse7TilpUZPB9PDV3sL+kgH5mW1OpvvfMtmncAM68KM7R
|
|
XXBCcpCp0ke1DBNZtNLXFR8OSoJ2Vd2+XbeF7+uRHW4UCHtZttWPke8rokVCFXGN
|
|
JgM6ubF7QPNcZ/gSclhZORP5e4QR1tFppA3dN/ehLaU7Md45oqYRE9y5oONEdnQA
|
|
9b5t1vMqL3TgIHuD6m1nlITmmWSQIWm7BObAz1WmBpyluz8kVeLj8yu+My6VnxNl
|
|
0P1yEVck9mMlNqzgA6i0ilcPMJoU0M+2Fzr72yFKYwKCAQAPro2FYmuDVektWguM
|
|
tLBA62Fxq1523oi1XVkqsxYhnvzxGEKHqlaEUHoTQYYssmigL0HenrvtfVHhwpGr
|
|
sr6M83y7gk9AIjQo7LCl5ciDW3PBNx1oEYOAb1cyBP4oBDyvqz+744E+agFOv9MB
|
|
fy7Pmhg5NnWO5flP9GXgXDYjzTC9fU+BtrkypSPMmtZa16m6v/c/9y87Pnkhw3Sa
|
|
yKtPMEB6xvO5cfqgLSSTkZPcVwaL8WYgWfd/x9Pk/ZrN2PXrgIpsWriHjYDiuDtP
|
|
grN6d9CyO0423OmpER80Ku/f+pmAgGlZqSns0DWIzvUN7BhCQ8CYui81obwFQ8vv
|
|
lppFAoIBAD5UbxRo4rQ4nC1glKz43VCZ3xi+DWx+cHr7wpcd6wc5A5qKJ26tM053
|
|
Xaz81Lc8JcO00vxSfERcQlU95i10q/Y0c4t4mfeiVP9xGeNLTboubR3hCmnqk7lf
|
|
7CCk4Zp6BZuE07AOKYSE28HVflljOlKhsGBKUmWhlJs3VYz0Pvkl4QdtUUaBV+AD
|
|
qEhFzv/1UoNofCGpF7ajyUb7q4zTSOu/ymOaSSjxSoC8hl0up6b/8wDJ2q0S0Fu3
|
|
lldG9+a9dzkolTC16UtahjaPLmawDTJLz2o66EBbpejl+6gek76/+RUAz3B+gLxE
|
|
4FDsnmm216lS13YlRSABOv5pQP69Pc0CggEBAI8eT3npJUQX31Gej0KvN4h0Sq0t
|
|
eYtLF5+uEoDr+DTD0MHv6Cta0QpBKzvOljDtxqNTu8oiNkkhch4daXMOD/qfdk9y
|
|
C+befW1llA6ni6qNF5SlJWVZoyJgasAotzdK7bAIHmJ2BVc1NH5RWYipEWrcfwGA
|
|
JSpC9D6V5wxP0GQa3hl0X7w/2pFNfv7jZ3VeYP91xbn01r4hUdyR2ryOBd817t/N
|
|
aLB3RLkJazg7EKadnM5elAwFZ7PKWjnAyIYH6BoUbs3YonySFPpp9Z5SxidrRpb+
|
|
Zb7jkiz4m88ol7ezdWZyHhVMZqy4bWMCI4moTDcpqJuox6JTQiO2Ajj2pFU=
|
|
-----END RSA PRIVATE KEY-----
|
|
</pre></td></tr></tbody></table></code></pre>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="sect4">
|
|
<h5 id="legacy_encrypted"><a class="link" href="#legacy_encrypted">3.1.2.2. Legacy (Encrypted)</a></h5>
|
|
<div class="sect5">
|
|
<h6 id="struct_rsa_crypt_legacy"><a class="link" href="#struct_rsa_crypt_legacy">3.1.2.2.1. Structure</a></h6>
|
|
<div class="paragraph">
|
|
<p>Legacy private keys are encoded in standard RSA PEM format (<a href="https://datatracker.ietf.org/doc/html/rfc7468" target="_blank" rel="noopener">RFC 7468</a> § <a href="https://datatracker.ietf.org/doc/html/rfc7468#section-11" target="_blank" rel="noopener">11</a>, <a href="https://datatracker.ietf.org/doc/html/rfc3447#appendix-A" target="_blank" rel="noopener">RFC 3447 Appendix A</a>).</p>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p>The <code>Proc-Type</code> field is defined in <a href="https://datatracker.ietf.org/doc/html/rfc1421.html#section-4.6.1.1" target="_blank" rel="noopener">RFC 1421 § 4.6.1.1</a>.<br>
|
|
The <code>DEK-Info</code> field is defined in <a href="https://datatracker.ietf.org/doc/html/rfc1421.html#section-4.6.1.3" target="_blank" rel="noopener">RFC 1421 § 4.6.1.3</a>.</p>
|
|
</div>
|
|
</div>
|
|
<div class="sect5">
|
|
<h6 id="bytes_rsa_crypt_legacy"><a class="link" href="#bytes_rsa_crypt_legacy">3.1.2.2.2. Example</a></h6>
|
|
<div class="paragraph">
|
|
<p>The following example, being encrypted, is protected with a passphrase. The passphrase used in this example key is <strong><code>testpassword</code></strong>.</p>
|
|
</div>
|
|
<div class="paragraph">
|
|
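<p>As shown by the header’s fields, it is encrypted using <em>AES128-CBC</em> with the IV of <code>822FAE7B2F5921CBD9143EDE93B22DFA</code>. Note that the legacy format turns the passphrase into the cipher key with a fast, unstretched MD5-based derivation (salted from that IV), so an encrypted legacy key resists offline passphrase guessing far less well than a <a href="#v1_encrypted">v1 key</a> protected with its configurable KDF.</p>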
|
|
</div>
|
|
<div class="listingblock">
|
|
<div class="content">
|
|
<pre class="rouge highlight"><code data-lang="text"><table class="linenotable"><tbody><tr><td class="linenos gl"><pre class="lineno"> 1
|
|
2
|
|
3
|
|
4
|
|
5
|
|
6
|
|
7
|
|
8
|
|
9
|
|
10
|
|
11
|
|
12
|
|
13
|
|
14
|
|
15
|
|
16
|
|
17
|
|
18
|
|
19
|
|
20
|
|
21
|
|
22
|
|
23
|
|
24
|
|
25
|
|
26
|
|
27
|
|
28
|
|
29
|
|
30
|
|
31
|
|
32
|
|
33
|
|
34
|
|
35
|
|
36
|
|
37
|
|
38
|
|
39
|
|
40
|
|
41
|
|
42
|
|
43
|
|
44
|
|
45
|
|
46
|
|
47
|
|
48
|
|
49
|
|
50
|
|
51
|
|
52
|
|
53
|
|
54
|
|
</pre></td><td class="code"><pre>-----BEGIN RSA PRIVATE KEY-----
|
|
Proc-Type: 4,ENCRYPTED
|
|
DEK-Info: AES-128-CBC,822FAE7B2F5921CBD9143EDE93B22DFA
|
|
|
|
2vAiqYbBxVV+2LszZQ4ybpMIopqtL+mT6PZ/DNJWD9t7wUUynXS6fMBA45CRrsRI
|
|
VTtb1m+ZBo80WaY7PvbYUuX7BS4lWoJ9VFRwtVVPgN4CBOP8ILgQFvywY+yKZW/j
|
|
IB9m29XHN4GVxMZctsgUXfiff49juI4P0uVTRxwJ44HtqBFIYyRtQhhK4pcC7KlD
|
|
J4X7Fl4J6KRWXBktmZGy6wTLXcfekMwUAbgPuvswhsovjXbTjh0eJVMQbqyFg4N/
|
|
hKEkeOznyVuZbAFnNB5johN/HlpoifGcmNh169FsZzuwMuDUOg//JmH2HgwYLCpy
|
|
JQgnsd6AqtlbZkTsoI4Mky0+a8A5y9iMl6Qw1AESt1ISb2k+iKtqXq0EkSzheB6a
|
|
aMtcSp7iIP5SKoV81Hl0L9Mnr8Ni/4HDNKLxi7msixN2v69ctB/m45bL3PMErVcm
|
|
7knY6Ps8jha/zGKVEQlEkCa7S/P5snb/MyMualc3PN/sAvWfcxLUi97pPU0HUZCX
|
|
RS1HR2Fc+FqfMAX+B+Zfr/cmlTSirrPQr387CDospv6UyzGgf6O5ZmGTp47T91mc
|
|
i/4GRHFUQ39nM9sD79fofk3Gdo/manhL1mFvti8Vy2jRXbwXuWhZNTy9J+gRkjR2
|
|
X1NfRDaZlWfcDgUplqqZEbPFElRL8w00PTA4ZOWAt1a5jtQaNXh7JvnlC3oWDSW7
|
|
RgAyAfvvUjigslfobMmMAbQt6gPcCHjnGMst11Xqcvw0c/+8sXVb5LOzAupOlb9B
|
|
lhPvgAuhr0k5azseCD0Y1uyahh5rcIcaN08KaLI1t/nWUYwvSfGx1ej14q1F/Y+Q
|
|
eDmS1695jWngX+FF1GdDzPRWYQhjeBl4V1dV+aTxLamWS8Oz4jk0pkzTwdl1yKDB
|
|
I60t6uhFpummMbKIqvFtOkpqdLjGXZ8bSVbgHu7uPyycJ+PZCgpn/fYxqJNvIhsO
|
|
x4QzKz1p6cFg0hxYKAcKqgIZUbmEu0MRr/VHDaR5K8AlSlVNz8ur62O4YEOslUFC
|
|
Tv8d0LBd80OyrhpoJhK7fplVbFx2jkmVkLSjbwTPWz7HxLO3u/fQ1+higQHbAGqg
|
|
75i4gpQVUDQE4KwPXjsjwhU1jrYyk2snnwmRa6yfYd61CI1lGJOycgm1tS90NNKA
|
|
/sZmBG2u/t+UFDX+cBIkdA6B4CwRaPmvo27jv1Mk3u4N/zp+FR9IUxCnc8Z3Fo7F
|
|
IKZAAEhtZniXG0t82aIXHdw7bQtH9eZsP/Il9ozaNW5Oky51AH/SCZT24vnOyc/U
|
|
RQPP8g+59bjeriG/QAZ/Ezv6TilW06i/0xOo9i8ZyJdtPLuQ9q9ijNydCCqB/yE/
|
|
Q/VTYQxHV1GBmpb89p//VpeqKmyTFISGK3r+nTHelVLgy8zDLWSSRkDQEu2n+7ou
|
|
RwRli6ZrqsMBqhsBPcD/SzerRaq3AkstQ21C1fDpnBoXdRzx52wQcd3mKmspRLgc
|
|
w/V2zaJqzjKaqfqNaT3xBTns0BGUBMCzaE+YtSHe2+NiHnxioU8H2wQz0CM2rjJE
|
|
LBjfw4raTwrOSOufo7JqjMr5JrUeTy8Gqv1Wq8YrqmsPPrXmhhasxYrV/aqN96/m
|
|
UZgWVjD0G3NOHDcQ+yPQrjodPEbokeLb1y+Hw8os53sirWwKkUnPKK1tpZtsmCjR
|
|
wJTcaZVhGVdgWvxZnBGGvkDdxJBGisFc+IgnEWjgVxLiHkeXoyskgdB9zwYzNgJl
|
|
B0NuxgGnLpcNpTz11tPAvpJYHIFTgW/cjMfGh47hfJxCAyEa4qdlwk6YbvUHDEml
|
|
qzFMP70LbS18ck6SiP1ITVgxznT4CwuWXUdXTI1T1F9AY9u0Y5NPlB5SN7e/1Pq4
|
|
1sf9NhUjgIVrxXoILUXDVreEcZj8B2zQOS4HcbQnQlUZuIbVKgot7UnHtTmALEu7
|
|
YIYqKKr0GZCBpNi+qkBQd0RFsMNV6241X+BIwnHSIKBJ08PJ4O6H0RxK6KSshZV3
|
|
bZGJcDrARHd/VbEmUE3pJbbesgwrOBvY9mh1iGHfYyoCabagdgEbXAqgAGKihvQ7
|
|
l4J28BI4rbCU23U5BtBEGhHwhFC9tvkwx8/ImbzIwKqRXRN1fJys0ReYONWkOv7J
|
|
OBU3kvjhKUivcbAG6guz6hwP9I+450dE2Q4V54LabeQSZ3rfBk+SCXR6w6aX5us9
|
|
ydLVqtUxvhyqP5/61seNWwDmvdB8A9DFKHuxPqhVKxhumfoe0T+zkOUmuVRLafIv
|
|
AGCxIVQBm1DEnuG/c6cMlgzw9qITrMgJAzqpyQDBslAxfa45+ViPHYFIpPhd+iGg
|
|
aaj6q9Clkl3tLoZvZ1D827zMfpq1Kaog9VsxQSiaAmpC5e/N+QaPunPIZTyDtaPj
|
|
5H7uCm27yHGG5z8yehmlDcPc2I1TjN24Dfzxi6AaiEZ/BAaUv8pTs3r4n2BAtzPm
|
|
u0zE1vw5UsZ59QmsHRgBO6z8IYA+HhNt+sd0krYfuJ1MUiSH03uhYAiGFoqHngAN
|
|
7w18EcsJPFUL1NTMy4dK6SaZFxIvPItbzf49Bwc03ruUt7Zy95Odz7UsjyD4msSE
|
|
q8/DAtzFPgztBlNieUH4N0w5Qu4x3hSx3/xgp9e+7njQo7mE+yySh7NPV27HaFKz
|
|
htsnuMaOzVMis9WLOq6egrsEaJ6BM3WRSPBa8ZjHdWYeVQ6WFLs2v7wX/j19Q9GZ
|
|
bdWkI1wBHcyz4MLUeJESFt3uqrHeNTLm5BWaGCeqtHeeHhoAquAJdjceLcDW7Le4
|
|
tkQj3FxLFUCKlZt9H/gyDKwDhHShONFDWPbItKHrHlmSftsOiWNt7X9r9MEaxyWh
|
|
KIJcTV2JsrhDHcNHUDniSi0qYhVsAkLSng6xxy/A4bQIz0Jhp42+Sk0aJVj+DaBa
|
|
5K0ctJ1f/YoQv7SjOJAMEvoGLCVPFLFbWQpDhtvfpgB7g9/qpJKL5/ixDDgfRf58
|
|
NN9CdVs/JPpuZiSmR86gAgHrDblaBcIOtUoKBPfZweiJKowN2li934JZRs2xuamv
|
|
HQEqEb9jJPj+eDv9FlCgCzBTdkiaLuuqU9agB6Ji8NMFDedj7rErkCUZ8tE9wqfY
|
|
ftSfkGNUzTzPFbF5iEukTvKm42a7F/I/ExMVgpN/eQxJ7+m5TOgja0KC1h5fCN4L
|
|
-----END RSA PRIVATE KEY-----
|
|
</pre></td></tr></tbody></table></code></pre>
|
|
</div>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p>See the <a href="#bytes_rsa_plain_legacy">plaintext example</a> for the decrypted (non-password-protected) version of this key.</p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="sect4">
|
|
<h5 id="v1_plain"><a class="link" href="#v1_plain">3.1.2.3. v1 (Plain)</a></h5>
|
|
<div class="admonitionblock tip">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<div class="title">Tip</div>
|
|
</td>
|
|
<td class="content">
|
|
<div class="paragraph">
|
|
<p>Since plaintext/unencrypted keys do not have a cipher or KDF (as there’s no encryption key or algorithm used), they use the string "none" to identify these (and entirely leave out the KDF options).</p>
|
|
</div>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<div class="sect5">
|
|
<h6 id="struct_rsa_plain"><a class="link" href="#struct_rsa_plain">3.1.2.3.1. Structure</a></h6>
|
|
<div class="listingblock">
|
|
<div class="content">
|
|
<pre class="rouge highlight"><code data-lang="text"><table class="linenotable"><tbody><tr><td class="linenos gl"><pre class="lineno"> 1
|
|
2
|
|
3
|
|
4
|
|
5
|
|
6
|
|
7
|
|
8
|
|
9
|
|
10
|
|
11
|
|
12
|
|
13
|
|
14
|
|
15
|
|
16
|
|
17
|
|
18
|
|
19
|
|
20
|
|
21
|
|
22
|
|
23
|
|
24
|
|
25
|
|
26
|
|
27
|
|
28
|
|
29
|
|
30
|
|
31
|
|
32
|
|
33
|
|
34
|
|
</pre></td><td class="code"><pre>0.0 "openssh-key-v1" string plus terminating nullbyte (15 bytes)
|
|
1.0 uint32 allocator for 1.0.0 (4 bytes)
|
|
1.0.0 cipher name string (ASCII bytes)
|
|
2.0 uint32 allocator for 2.0.0 (4 bytes)
|
|
2.0.0 KDF name string (ASCII bytes)
|
|
3.0 uint32 allocator for KDF options (3.0.0 to 3.0.1) (4 bytes) (ALWAYS 0 for unencrypted keys, so no following substructure)
|
|
4.0 uint32 counter for # of keys (4 bytes)
|
|
4.0.0 uint32 allocator for public key #n (4.0.0.0 to 4.0.0.1) (4 bytes)
|
|
4.0.0.0 uint32 allocator for 4.0.0.0.0 (4 bytes)
|
|
4.0.0.0.0 public key #n keytype string (ASCII bytes)
|
|
4.0.0.1 uint32 allocator for 4.0.0.1.0 (4 bytes)
|
|
4.0.0.1.0 public exponent ('e')
|
|
4.0.0.2 uint32 allocator for 4.0.0.2.0 (4 bytes)
|
|
4.0.0.2.0 modulus ('n')
|
|
4.0.1 uint32 allocator for private key structure #n (4.0.1.0 to 4.0.1.5) (4 bytes)
|
|
4.0.1.0 uint32 decryption "checksum" #1 (should match 4.0.1.1) (4 bytes)
|
|
4.0.1.1 uint32 decryption "checksum" #2 (should match 4.0.1.0) (4 bytes)
|
|
4.0.1.2 copy of 4.0.0.0; allocator for 4.0.1.2.0 (4 bytes)
|
|
4.0.1.2.0 copy of 4.0.0.0.0 (ASCII bytes)
|
|
4.0.1.3 copy of 4.0.0.2; allocator for 4.0.1.3.0 (4 bytes)
|
|
4.0.1.3.0 copy of 4.0.0.2.0 (bytes)
|
|
4.0.1.4 copy of 4.0.0.1; allocator for 4.0.1.4.0 (4 bytes)
|
|
4.0.1.4.0 copy of 4.0.0.1.0 (bytes)
|
|
4.0.1.5 uint32 allocator for 4.0.1.5.0 (4 bytes)
|
|
4.0.1.5.0 private exponent ('d')
|
|
4.0.1.6 uint32 allocator for 4.0.1.6.0 (4 bytes)
|
|
4.0.1.6.0 CRT helper value ('q^(-1) % p')
|
|
4.0.1.7 uint32 allocator for 4.0.1.7.0 (4 bytes)
|
|
4.0.1.7.0 prime #1 ('p')
|
|
4.0.1.8 uint32 allocator for 4.0.1.8.0 (4 bytes)
|
|
4.0.1.8.0 prime #2 ('q')
|
|
4.0.1.9 uint32 allocator for 4.0.1.9.0 (4 bytes)
|
|
4.0.1.9.0 comment for key #n string (ASCII bytes)
|
|
4.0.1.10 sequential padding
|
|
</pre></td></tr></tbody></table></code></pre>
|
|
</div>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<div class="title">Note</div>
|
|
</td>
|
|
<td class="content">
|
|
<div class="paragraph">
|
|
<p><strong>Chunk 3.0.0 to 3.0.1:</strong> These blocks are not present in unencrypted keys (see the <a href="#struct_rsa_crypt">encrypted key structure</a> for what these look like). <strong>3.0</strong> reflects this, as it’s always going to be <code>00000000</code> (0).</p>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p><strong>Chunk 4.0:</strong> This is technically currently unused; upstream hardcodes to 1 (left zero-padded 0x01).</p>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p><strong>Chunk 4.0.0.1.0, 4.0.0.2.0, 4.0.1.3.0, 4.0.1.4.0:</strong> Note that the ordering of <code>e</code>/<code>n</code> in <strong>4.0.0</strong> is changed to <code>n</code>/<code>e</code> in <strong>4.0.1</strong>.</p>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p><strong>Chunk 4.0.1.10:</strong> The padding used aligns the private key (<strong>4.0.1.0</strong> to <strong>4.0.1.9.0</strong>) to the cipher blocksize. For plaintext keys, a blocksize of 8 is used.</p>
|
|
</div>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect5">
|
|
<h6 id="bytes_rsa_plain"><a class="link" href="#bytes_rsa_plain">3.1.2.3.2. Example</a></h6>
|
|
<div class="paragraph">
|
|
<p>The following example is a plaintext (unencrypted) key, so it is not protected with a passphrase; its cipher name and KDF name are both <code>none</code>.</p>
|
|
</div>
|
|
<div class="listingblock">
|
|
<div class="title"><code>id_rsa</code> Format</div>
|
|
<div class="content">
|
|
<pre class="rouge highlight"><code data-lang="text"><table class="linenotable"><tbody><tr><td class="linenos gl"><pre class="lineno"> 1
|
|
2
|
|
3
|
|
4
|
|
5
|
|
6
|
|
7
|
|
8
|
|
9
|
|
10
|
|
11
|
|
12
|
|
13
|
|
14
|
|
15
|
|
16
|
|
17
|
|
18
|
|
19
|
|
20
|
|
21
|
|
22
|
|
23
|
|
24
|
|
25
|
|
26
|
|
27
|
|
28
|
|
29
|
|
30
|
|
31
|
|
32
|
|
33
|
|
34
|
|
35
|
|
36
|
|
37
|
|
38
|
|
39
|
|
40
|
|
41
|
|
42
|
|
43
|
|
44
|
|
45
|
|
46
|
|
47
|
|
48
|
|
49
|
|
</pre></td><td class="code"><pre>-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn
|
|
NhAAAAAwEAAQAAAgEAt87ARgHOKhLwySTLmjDrmQBmgSyxQ2kZPzCyuf3Ur8swDJGPKnfW
|
|
RBDzYXrnyMoxjCV9PE304sQQi7vpOoaJS6FLNXXy9yFQvDgdy/t0LHoZaGb9MYSs6Wdhrd
|
|
oPwpkvbIZtdWmRn8ItnEvw3kBajHbVGaoqUyncaCV3ciml0LdTp4JaiblSdfnAJeIVNDxs
|
|
iM1mkKIh+K6e9nXuRk3H0RjaQQUH6l1rZIndYK/YpmRkkts+J58aeCQNuKu9psUHFMljZl
|
|
CnIIHn+l1HLBQosH6uXRW2TqHip1CFEv6atlX4ajE0htPMod2OkKzFyfuk1udnUH+6ufOn
|
|
9ox0gUKvKjcB0xqKm3URlYqncYe6cC7ZNNOFr87kI4DpXg5+m8D00jNn/HcDdBZ7fwkm+2
|
|
/bbQWq0c/RkYJIRbAU4YFTvw0dPDsfrbslo/HRUfm2hGM9jBaQ/NjK0FqsKusj2/GaN+SA
|
|
oAiRAxnBFtR72SSzmUJUO4ig9hJ5UrLY4SkPMCn1Qq6+nAyONs8yloZc1mQ8iSTVZuv0lx
|
|
gJOZoawJb+Htw7X4cb9e8LTUTg6idiDSBRQuC/z2d7TbAlUyEho/B0WqTQWGMxczJXhVpc
|
|
7L46xEA9BP8MwMWLfASQS0AhJcK8KmOiDrswnMbz5l2zAaBYuNrOB+cbOPPzWVQz9psZjw
|
|
cAAAdQU4NHElODRxIAAAAHc3NoLXJzYQAAAgEAt87ARgHOKhLwySTLmjDrmQBmgSyxQ2kZ
|
|
PzCyuf3Ur8swDJGPKnfWRBDzYXrnyMoxjCV9PE304sQQi7vpOoaJS6FLNXXy9yFQvDgdy/
|
|
t0LHoZaGb9MYSs6WdhrdoPwpkvbIZtdWmRn8ItnEvw3kBajHbVGaoqUyncaCV3ciml0LdT
|
|
p4JaiblSdfnAJeIVNDxsiM1mkKIh+K6e9nXuRk3H0RjaQQUH6l1rZIndYK/YpmRkkts+J5
|
|
8aeCQNuKu9psUHFMljZlCnIIHn+l1HLBQosH6uXRW2TqHip1CFEv6atlX4ajE0htPMod2O
|
|
kKzFyfuk1udnUH+6ufOn9ox0gUKvKjcB0xqKm3URlYqncYe6cC7ZNNOFr87kI4DpXg5+m8
|
|
D00jNn/HcDdBZ7fwkm+2/bbQWq0c/RkYJIRbAU4YFTvw0dPDsfrbslo/HRUfm2hGM9jBaQ
|
|
/NjK0FqsKusj2/GaN+SAoAiRAxnBFtR72SSzmUJUO4ig9hJ5UrLY4SkPMCn1Qq6+nAyONs
|
|
8yloZc1mQ8iSTVZuv0lxgJOZoawJb+Htw7X4cb9e8LTUTg6idiDSBRQuC/z2d7TbAlUyEh
|
|
o/B0WqTQWGMxczJXhVpc7L46xEA9BP8MwMWLfASQS0AhJcK8KmOiDrswnMbz5l2zAaBYuN
|
|
rOB+cbOPPzWVQz9psZjwcAAAADAQABAAACAEmfLHBeBL/hekR20n5eHd/YwzX2OsIvdIdU
|
|
8CGDRA9tqT8/hkKSYWY+C939pp1ML3BdC7590xqJQb9WcuKYRKHgZwlwxvKpi3b4Wyb6/t
|
|
tZxJeGuN9+ruuGFx/Vef6N8OrdJTakJEoDMtWprT64NAyTBGQVPoK0/61PZHp7qAjjhURQ
|
|
+Aa2DgtnD8mctrWHhkl9TBmed1DuUImTTu8l9GUSOUlVxIfhB0Tr25oAlRyAlbAk1M518d
|
|
oxRrWzRHFp9Z4j1AaFQ4vHvK0Rc5J6OJoJA7oRGkaAnRI7NDIZfMqPwMJ4FvvyFcK3xYS5
|
|
TzfJ7YqOgVlC7/3PVHVyaK/lj9cAzc9qmKIJUGF7BiSqg12V4n16/N7nDDl8obaqBHNebV
|
|
xeAb//IXTPVi02hCYkSQ4SyoFCWV1SVnSU84shJAEsrKyyVk4hyEXrlPXW6/bzkGbh+gSz
|
|
GBdOb5mUgjuk2e8sKLN8s+oF+jytcgCJg5QnaDVSPk5BYFTyPbDrcyIR06EepVE5CujVjW
|
|
nhRmTg4g8r8MzSTSYLgyqUFE9YAep827JDbyG6LbrsvNVz8kxeDUP9JrSuZ2ThON2vR3Ws
|
|
AWPkVyfBACf3FsvjzHD/9zRBuyU45UJqGlY4tEinveloBB7CGE72ew2mAHApfNc97u/r0Z
|
|
UWEcendslW4Y5fFjohAAABAAri4c8kVaDYInLmpCu7qD63ZUluWjPhO4yUdW2MMvfXUF/Z
|
|
l73V7AjFm/jR1lnR3wK+xmnrtaqvXbHscM4vKms6F7ex/OOtxiA8KQXNZS12IgZd0BGuM4
|
|
lEZ8bco2Q5UrDK7f+bx4rEBAgHQCdWbuTEdRrT/0UqJ4Gvi1wsm/CbNO5eYgEzC0vDga92
|
|
Z5hmfFua0HM8GfTvR1/SZGVeAwVT8vL43lnCrudLndZyDjEIFD3+3UHPS8Ed4rmp9A+uxy
|
|
pSMSq+5MYVWs/uk4ShY0jHFTRuvmk4lf5tI0jU3tsKE3xIcYX/lJwgkRW5yKEGMpmR8Eno
|
|
Qwx7pg3VQI1yrJgAAAEBAOULZbpq5MsprmYSnD5B/+ujbNbsuqcEX/kM6nHQm8BWsLkTTc
|
|
V1TEnaH+irFpzRSe7a7M9JE9kV9PJBxf2Gx3UR4MJhw0RgCoTM546M9JPkkoRMuCxCq20S
|
|
RqU+XPUK1HWcKlwJ1TscXDtEkyjuoBQ01uU3s6UTko363fCnJygjiZuNeVIgyzNEq40OhG
|
|
4eQP/ftccZJiwrUnqJClH6q88QkEaZE197mXSH9LSNRJCtgPwls0b6C7WH8JKVvw9xrBCo
|
|
CGhn1LrQCgwnpkVvCODCv4yu2HaPA2aiRAQoGAopJhevYf6rq5pwdbi8ISCaVDm7/jYTkX
|
|
Bx/udKjV2A/pkAAAEBAM1wd2WfrZgxBLzH3FJiQrnqUs6kDpI993GsKijjd/K5IxpYwkSM
|
|
a40X/oNXHva9u8EfPUq0JU6oWWhLh3KRH5xvNVR5BT4+PTpuzOE6AWkIKYyj+LYo0hEXSa
|
|
NidijrBYRPVGeVpQZ9ObHTBOGcxvwb4AphZOoz5Ku8h/VoMicdglyGjFzNo3dbA3cR6ZQ2
|
|
+WxT83gLmFCE4dhKRYxoerCTigm/b5s//sQe0C/VsnVyx9GAA55AWlWbYvwI+ASxnwQ9uk
|
|
xvdWWxxydZ9Lky1Pk9T0HakbGxRvKYVKEAg0HkdgvdSYcJfsSmVRq5bgmaBKONaok7Uz2x
|
|
hau1VzZBnp8AAAAYVGhpcyBpcyBhIGNvbW1lbnQgc3RyaW5nAQID
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
</pre></td></tr></tbody></table></code></pre>
|
|
</div>
|
|
</div>
|
|
<div class="listingblock">
|
|
<div class="title">Structure Reference (Hex) (Decoded Base64)</div>
|
|
<div class="content">
|
|
<pre class="rouge highlight"><code data-lang="text"><table class="linenotable"><tbody><tr><td class="linenos gl"><pre class="lineno"> 1
|
|
2
|
|
3
|
|
4
|
|
5
|
|
6
|
|
7
|
|
8
|
|
9
|
|
10
|
|
11
|
|
12
|
|
13
|
|
14
|
|
15
|
|
16
|
|
17
|
|
18
|
|
19
|
|
20
|
|
21
|
|
22
|
|
23
|
|
24
|
|
25
|
|
26
|
|
27
|
|
28
|
|
29
|
|
30
|
|
31
|
|
32
|
|
33
|
|
34
|
|
35
|
|
36
|
|
37
|
|
38
|
|
39
|
|
40
|
|
41
|
|
42
|
|
43
|
|
44
|
|
45
|
|
46
|
|
47
|
|
48
|
|
49
|
|
50
|
|
51
|
|
52
|
|
53
|
|
54
|
|
55
|
|
56
|
|
57
|
|
58
|
|
59
|
|
60
|
|
61
|
|
62
|
|
63
|
|
64
|
|
65
|
|
66
|
|
67
|
|
68
|
|
69
|
|
70
|
|
71
|
|
72
|
|
73
|
|
74
|
|
75
|
|
76
|
|
77
|
|
78
|
|
79
|
|
80
|
|
81
|
|
82
|
|
83
|
|
84
|
|
85
|
|
86
|
|
87
|
|
88
|
|
89
|
|
90
|
|
91
|
|
92
|
|
93
|
|
94
|
|
95
|
|
96
|
|
97
|
|
98
|
|
99
|
|
100
|
|
101
|
|
102
|
|
103
|
|
104
|
|
</pre></td><td class="code"><pre>0.0 6f70656e7373682d6b65792d763100 ("openssh-key-v1" + 0x00)
|
|
1.0 00000004 (4)
|
|
1.0.0 6e6f6e65 ("none")
|
|
2.0 00000004 (4)
|
|
2.0.0 6e6f6e65 ("none")
|
|
3.0 00000000 (0)
|
|
4.0 00000001 (1)
|
|
4.0.0 00000217 (535)
|
|
4.0.0.0 00000007 (7)
|
|
4.0.0.0.0 7373682d727361 ("ssh-rsa")
|
|
4.0.0.1 00000003 (3)
|
|
4.0.0.1.0 010001 (65537)
|
|
4.0.0.2 00000201 (513)
|
|
4.0.0.2.0 00b7cec04601ce2a12f0c924cb9a30eb990066812cb14369193f30b2b9fdd4af
|
|
cb300c918f2a77d64410f3617ae7c8ca318c257d3c4df4e2c4108bbbe93a8689
|
|
4ba14b3575f2f72150bc381dcbfb742c7a196866fd3184ace96761adda0fc299
|
|
2f6c866d7569919fc22d9c4bf0de405a8c76d519aa2a5329dc6825777229a5d0
|
|
b753a7825a89b95275f9c025e215343c6c88cd6690a221f8ae9ef675ee464dc7
|
|
d118da410507ea5d6b6489dd60afd8a6646492db3e279f1a78240db8abbda6c5
|
|
0714c9636650a72081e7fa5d472c1428b07eae5d15b64ea1e2a7508512fe9ab6
|
|
55f86a313486d3cca1dd8e90acc5c9fba4d6e767507fbab9f3a7f68c748142af
|
|
2a3701d31a8a9b7511958aa77187ba702ed934d385afcee42380e95e0e7e9bc0
|
|
f4d23367fc770374167b7f0926fb6fdb6d05aad1cfd191824845b014e18153bf
|
|
0d1d3c3b1fadbb25a3f1d151f9b684633d8c1690fcd8cad05aac2aeb23dbf19a
|
|
37e480a008910319c116d47bd924b39942543b88a0f6127952b2d8e1290f3029
|
|
f542aebe9c0c8e36cf3296865cd6643c8924d566ebf4971809399a1ac096fe1e
|
|
dc3b5f871bf5ef0b4d44e0ea27620d205142e0bfcf677b4db025532121a3f074
|
|
5aa4d0586331733257855a5cecbe3ac4403d04ff0cc0c58b7c04904b402125c2
|
|
bc2a63a20ebb309cc6f3e65db301a058b8dace07e71b38f3f3595433f69b198f
|
|
07 (bytes)
|
|
4.0.1 00000750 (1872)
|
|
4.0.1.0 53834712 (1401112338)
|
|
4.0.1.1 53834712 (1401112338)
|
|
4.0.1.2 00000007 (7)
|
|
4.0.1.2.0 7373682d727361 ("ssh-rsa")
|
|
4.0.1.3 00000201 (513)
|
|
4.0.1.3.0 00b7cec04601ce2a12f0c924cb9a30eb990066812cb14369193f30b2b9fdd4af
|
|
cb300c918f2a77d64410f3617ae7c8ca318c257d3c4df4e2c4108bbbe93a8689
|
|
4ba14b3575f2f72150bc381dcbfb742c7a196866fd3184ace96761adda0fc299
|
|
2f6c866d7569919fc22d9c4bf0de405a8c76d519aa2a5329dc6825777229a5d0
|
|
b753a7825a89b95275f9c025e215343c6c88cd6690a221f8ae9ef675ee464dc7
|
|
d118da410507ea5d6b6489dd60afd8a6646492db3e279f1a78240db8abbda6c5
|
|
0714c9636650a72081e7fa5d472c1428b07eae5d15b64ea1e2a7508512fe9ab6
|
|
55f86a313486d3cca1dd8e90acc5c9fba4d6e767507fbab9f3a7f68c748142af
|
|
2a3701d31a8a9b7511958aa77187ba702ed934d385afcee42380e95e0e7e9bc0
|
|
f4d23367fc770374167b7f0926fb6fdb6d05aad1cfd191824845b014e18153bf
|
|
0d1d3c3b1fadbb25a3f1d151f9b684633d8c1690fcd8cad05aac2aeb23dbf19a
|
|
37e480a008910319c116d47bd924b39942543b88a0f6127952b2d8e1290f3029
|
|
f542aebe9c0c8e36cf3296865cd6643c8924d566ebf4971809399a1ac096fe1e
|
|
dc3b5f871bf5ef0b4d44e0ea27620d205142e0bfcf677b4db025532121a3f074
|
|
5aa4d0586331733257855a5cecbe3ac4403d04ff0cc0c58b7c04904b402125c2
|
|
bc2a63a20ebb309cc6f3e65db301a058b8dace07e71b38f3f3595433f69b198f
|
|
07 (bytes)
|
|
4.0.1.4 00000003 (3)
|
|
4.0.1.4.0 010001 (65537)
|
|
4.0.1.5 00000200 (512)
|
|
4.0.1.5.0 499f2c705e04bfe17a4476d27e5e1ddfd8c335f63ac22f748754f02183440f6d
|
|
a93f3f86429261663e0bddfda69d4c2f705d0bbe7dd31a8941bf5672e29844a1
|
|
e0670970c6f2a98b76f85b26fafedb59c49786b8df7eaeeb86171fd579fe8df0
|
|
eadd2536a4244a0332d5a9ad3eb8340c930464153e82b4ffad4f647a7ba808e3
|
|
854450f806b60e0b670fc99cb6b58786497d4c199e7750ee5089934eef25f465
|
|
12394955c487e10744ebdb9a00951c8095b024d4ce75f1da3146b5b3447169f5
|
|
9e23d40685438bc7bcad1173927a389a0903ba111a46809d123b3432197cca8f
|
|
c0c27816fbf215c2b7c584b94f37c9ed8a8e815942effdcf54757268afe58fd7
|
|
00cdcf6a98a20950617b0624aa835d95e27d7afcdee70c397ca1b6aa04735e6d
|
|
5c5e01bfff2174cf562d36842624490e12ca8142595d52567494f38b2124012c
|
|
acacb2564e21c845eb94f5d6ebf6f39066e1fa04b318174e6f9994823ba4d9ef
|
|
2c28b37cb3ea05fa3cad7200898394276835523e4e416054f23db0eb732211d3
|
|
a11ea551390ae8d58d69e14664e0e20f2bf0ccd24d260b832a94144f5801ea7c
|
|
dbb2436f21ba2dbaecbcd573f24c5e0d43fd26b4ae6764e138ddaf4775ac0163
|
|
e45727c10027f716cbe3cc70fff73441bb2538e5426a1a5638b448a7bde96804
|
|
1ec2184ef67b0da60070297cd73deeefebd1951611c7a776c956e18e5f163a21 (bytes)
|
|
4.0.1.6 00000100 (256)
|
|
4.0.1.6.0 0ae2e1cf2455a0d82272e6a42bbba83eb765496e5a33e13b8c94756d8c32f7d7
|
|
505fd997bdd5ec08c59bf8d1d659d1df02bec669ebb5aaaf5db1ec70ce2f2a6b
|
|
3a17b7b1fce3adc6203c2905cd652d7622065dd011ae33894467c6dca3643952
|
|
b0caedff9bc78ac40408074027566ee4c4751ad3ff452a2781af8b5c2c9bf09b
|
|
34ee5e6201330b4bc381af766798667c5b9ad0733c19f4ef475fd264655e0305
|
|
53f2f2f8de59c2aee74b9dd6720e3108143dfedd41cf4bc11de2b9a9f40faec7
|
|
2a52312abee4c6155acfee9384a16348c715346ebe693895fe6d2348d4dedb0a
|
|
137c487185ff949c209115b9c8a106329991f049e8430c7ba60dd5408d72ac98 (bytes)
|
|
4.0.1.7 00000101 (257)
|
|
4.0.1.7.0 00e50b65ba6ae4cb29ae66129c3e41ffeba36cd6ecbaa7045ff90cea71d09bc0
|
|
56b0b9134dc5754c49da1fe8ab169cd149eedaeccf4913d915f4f241c5fd86c7
|
|
7511e0c261c344600a84cce78e8cf493e492844cb82c42ab6d1246a53e5cf50a
|
|
d4759c2a5c09d53b1c5c3b449328eea01434d6e537b3a513928dfaddf0a72728
|
|
23899b8d795220cb3344ab8d0e846e1e40ffdfb5c719262c2b527a890a51faab
|
|
cf10904699135f7b997487f4b48d4490ad80fc25b346fa0bb587f09295bf0f71
|
|
ac10a8086867d4bad00a0c27a6456f08e0c2bf8caed8768f0366a2440428180a
|
|
292617af61feabab9a7075b8bc21209a5439bbfe3613917071fee74a8d5d80fe
|
|
99 (bytes)
|
|
4.0.1.8 00000101 (257)
|
|
4.0.1.8.0 00cd7077659fad983104bcc7dc526242b9ea52cea40e923df771ac2a28e377f2
|
|
b9231a58c2448c6b8d17fe83571ef6bdbbc11f3d4ab4254ea859684b8772911f
|
|
9c6f355479053e3e3d3a6ecce13a016908298ca3f8b628d2111749a3627628eb
|
|
05844f546795a5067d39b1d304e19cc6fc1be00a6164ea33e4abbc87f5683227
|
|
1d825c868c5ccda3775b037711e99436f96c53f3780b985084e1d84a458c687a
|
|
b0938a09bf6f9b3ffec41ed02fd5b27572c7d180039e405a559b62fc08f804b1
|
|
9f043dba4c6f7565b1c72759f4b932d4f93d4f41da91b1b146f29854a1008341
|
|
e4760bdd4987097ec4a6551ab96e099a04a38d6a893b533db185abb55736419e
|
|
9f (bytes)
|
|
4.0.1.9 00000018 (24)
|
|
4.0.1.9.0 54686973206973206120636f6d6d656e7420737472696e67 ("This is a comment string")
|
|
4.0.1.10 010203 ([1 2 3], 3 bytes)
|
|
</pre></td></tr></tbody></table></code></pre>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="sect4">
|
|
<h5 id="v1_encrypted"><a class="link" href="#v1_encrypted">3.1.2.4. v1 (Encrypted)</a></h5>
|
|
<div class="admonitionblock tip">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<div class="title">Tip</div>
|
|
</td>
|
|
<td class="content">
|
|
<div class="paragraph">
|
|
<p>Currently, the only supported KDF is <strong>bcrypt_pbkdf</strong> (<code>bcrypt</code>).</p>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p>See the following for more details:</p>
|
|
</div>
|
|
<div class="ulist">
|
|
<ul>
|
|
<li>
|
|
<p><a href="https://flak.tedunangst.com/post/new-openssh-key-format-and-bcrypt-pbkdf" class="bare">https://flak.tedunangst.com/post/new-openssh-key-format-and-bcrypt-pbkdf</a></p>
|
|
</li>
|
|
<li>
|
|
<p><a href="http://www.tedunangst.com/flak/post/bcrypt-pbkdf" class="bare">http://www.tedunangst.com/flak/post/bcrypt-pbkdf</a></p>
|
|
</li>
|
|
<li>
|
|
<p><a href="https://www.usenix.org/legacy/events/usenix99/provos/provos_html/node1.html" class="bare">https://www.usenix.org/legacy/events/usenix99/provos/provos_html/node1.html</a></p>
|
|
</li>
|
|
<li>
|
|
<p><a href="https://datatracker.ietf.org/doc/html/rfc2898" class="bare">https://datatracker.ietf.org/doc/html/rfc2898</a></p>
|
|
</li>
|
|
</ul>
|
|
</div>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<div class="admonitionblock tip">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<div class="title">Tip</div>
|
|
</td>
|
|
<td class="content">
|
|
<div class="paragraph">
|
|
<p>You can get a list of supported ciphers (<strong>1.0.0</strong>) via <code>ssh -Q cipher</code> on most systems.
|
|
Note that <strong>1.0.0</strong> has nothing to do with SSH connections themselves; it’s <strong>only</strong> for the encryption of <strong>4.0.1</strong>.</p>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p>The list is likely to include:</p>
|
|
</div>
|
|
<div class="ulist">
|
|
<ul>
|
|
<li>
|
|
<p><code>3des-cbc</code></p>
|
|
</li>
|
|
<li>
|
|
<p><code>aes128-cbc</code></p>
|
|
</li>
|
|
<li>
|
|
<p><code>aes192-cbc</code></p>
|
|
</li>
|
|
<li>
|
|
<p><code>aes256-cbc</code></p>
|
|
</li>
|
|
<li>
|
|
<p><code>rijndael-cbc@lysator.liu.se</code> <em>(may not be present on all systems)</em></p>
|
|
</li>
|
|
<li>
|
|
<p><code>aes128-ctr</code></p>
|
|
</li>
|
|
<li>
|
|
<p><code>aes192-ctr</code></p>
|
|
</li>
|
|
<li>
|
|
<p><code>aes256-ctr</code></p>
|
|
</li>
|
|
<li>
|
|
<p><code>aes128-gcm@openssh.com</code></p>
|
|
</li>
|
|
<li>
|
|
<p><code>aes256-gcm@openssh.com</code></p>
|
|
</li>
|
|
<li>
|
|
<p><code>chacha20-poly1305@openssh.com</code></p>
|
|
</li>
|
|
</ul>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p>The author recommends using <code>aes256-ctr</code>. It is currently the upstream default.</p>
|
|
</div>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<div class="sect5">
|
|
<h6 id="struct_rsa_crypt"><a class="link" href="#struct_rsa_crypt">3.1.2.4.1. Structure</a></h6>
|
|
<div class="listingblock">
|
|
<div class="content">
|
|
<pre class="rouge highlight"><code data-lang="text"><table class="linenotable"><tbody><tr><td class="linenos gl"><pre class="lineno"> 1
|
|
2
|
|
3
|
|
4
|
|
5
|
|
6
|
|
7
|
|
8
|
|
9
|
|
10
|
|
11
|
|
12
|
|
13
|
|
14
|
|
15
|
|
16
|
|
17
|
|
18
|
|
19
|
|
20
|
|
</pre></td><td class="code"><pre>
|
|
0.0 "openssh-key-v1" string plus terminating nullbyte (15 bytes)
|
|
1.0 uint32 allocator for 1.0.0 (4 bytes)
|
|
1.0.0 cipher name string (ASCII bytes)
|
|
2.0 uint32 allocator for 2.0.0 (4 bytes)
|
|
2.0.0 KDF name string (ASCII bytes)
|
|
3.0 uint32 allocator for KDF options (3.0.0 to 3.0.1) (4 bytes)
|
|
3.0.0 uint32 allocator for 3.0.0.0 (4 bytes)
|
|
3.0.0.0 Salt/IV (bytes)
|
|
3.0.1 uint32 for number of rounds/"work factor" (4 bytes)
|
|
4.0 uint32 counter for # of keys (4 bytes)
|
|
4.0.0 uint32 allocator for public key #n (4.0.0.0 to 4.0.0.2) (4 bytes)
|
|
4.0.0.0 uint32 allocator for 4.0.0.0.0 (4 bytes)
|
|
4.0.0.0.0 public key #n keytype string (ASCII bytes)
|
|
4.0.0.1 uint32 allocator for 4.0.0.1.0 (4 bytes)
|
|
4.0.0.1.0 public exponent ('e')
|
|
4.0.0.2 uint32 allocator for 4.0.0.2.0 (4 bytes)
|
|
4.0.0.2.0 modulus ('n')
|
|
4.0.1 uint32 allocator for encrypted private key structure blob #n (4.0.1.0) (4 bytes)
|
|
4.0.1.0 <ENCRYPTED BLOB>
|
|
</pre></td></tr></tbody></table></code></pre>
|
|
</div>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<div class="title">Note</div>
|
|
</td>
|
|
<td class="content">
|
|
<div class="paragraph">
|
|
<p><strong>Chunk 4.0:</strong> This is technically currently unused; upstream hardcodes to 1 (left zero-padded 0x01).</p>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p><strong>Chunk 4.0.1.0:</strong> When decrypted, this is equivalent to the <a href="#struct_rsa_plain">plaintext</a> <strong>4.0.1.0</strong> to <strong>4.0.1.10</strong>. It uses a padded size appropriate to the encryption cipher used.</p>
|
|
</div>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect5">
|
|
<h6 id="bytes_rsa_crypt"><a class="link" href="#bytes_rsa_crypt">3.1.2.4.2. Example</a></h6>
|
|
<div class="paragraph">
|
|
<p>The following example, being encrypted, is protected with a passphrase. The passphrase used in this example key is <strong><code>test</code></strong>.</p>
|
|
</div>
|
|
<div class="listingblock">
|
|
<div class="title"><code>id_rsa</code> Format</div>
|
|
<div class="content">
|
|
<pre class="rouge highlight"><code data-lang="text"><table class="linenotable"><tbody><tr><td class="linenos gl"><pre class="lineno"> 1
|
|
2
|
|
3
|
|
4
|
|
5
|
|
6
|
|
7
|
|
8
|
|
9
|
|
10
|
|
11
|
|
12
|
|
13
|
|
14
|
|
15
|
|
16
|
|
17
|
|
18
|
|
19
|
|
20
|
|
21
|
|
22
|
|
23
|
|
24
|
|
25
|
|
26
|
|
27
|
|
28
|
|
29
|
|
30
|
|
31
|
|
32
|
|
33
|
|
34
|
|
35
|
|
36
|
|
37
|
|
38
|
|
39
|
|
40
|
|
41
|
|
42
|
|
43
|
|
44
|
|
45
|
|
46
|
|
47
|
|
48
|
|
49
|
|
50
|
|
</pre></td><td class="code"><pre>-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAH1LB8Cx
|
|
KDSJFkiACNbhMLAAAAZAAAAAEAAAIXAAAAB3NzaC1yc2EAAAADAQABAAACAQC3zsBGAc4q
|
|
EvDJJMuaMOuZAGaBLLFDaRk/MLK5/dSvyzAMkY8qd9ZEEPNheufIyjGMJX08TfTixBCLu+
|
|
k6holLoUs1dfL3IVC8OB3L+3QsehloZv0xhKzpZ2Gt2g/CmS9shm11aZGfwi2cS/DeQFqM
|
|
dtUZqipTKdxoJXdyKaXQt1OnglqJuVJ1+cAl4hU0PGyIzWaQoiH4rp72de5GTcfRGNpBBQ
|
|
fqXWtkid1gr9imZGSS2z4nnxp4JA24q72mxQcUyWNmUKcggef6XUcsFCiwfq5dFbZOoeKn
|
|
UIUS/pq2VfhqMTSG08yh3Y6QrMXJ+6TW52dQf7q586f2jHSBQq8qNwHTGoqbdRGViqdxh7
|
|
pwLtk004WvzuQjgOleDn6bwPTSM2f8dwN0Fnt/CSb7b9ttBarRz9GRgkhFsBThgVO/DR08
|
|
Ox+tuyWj8dFR+baEYz2MFpD82MrQWqwq6yPb8Zo35ICgCJEDGcEW1HvZJLOZQlQ7iKD2En
|
|
lSstjhKQ8wKfVCrr6cDI42zzKWhlzWZDyJJNVm6/SXGAk5mhrAlv4e3Dtfhxv17wtNRODq
|
|
J2INIFFC4L/PZ3tNsCVTISGj8HRapNBYYzFzMleFWlzsvjrEQD0E/wzAxYt8BJBLQCElwr
|
|
wqY6IOuzCcxvPmXbMBoFi42s4H5xs48/NZVDP2mxmPBwAAB1CWbizkNSQv7wl4f26Nk6Vj
|
|
CS4/O8mGtEGYyB6AScXJREGe/8BSFAHcHvW8Dk1q7et9BYgLw/cxaYubzuzq4I5eBfefTS
|
|
LelTyJnDJxhQ6A6AT5saebzsMbuhHAjbYPm9Iga8PXv+90iV5PTjcgZJ+SRUT0os6lud+5
|
|
zAor2PO6cPS6Ln9ClgRlyereEYYw+cgy/oTvVIUpl50NbqB5+dXEDjlrCY/FCUSNJt48tI
|
|
SwM0r6yro3G1LDfBIKViMXDB0KOTSKFRyfuKqxBJ9SzwwIx3FErzFCWakISPPcYuWDH6wI
|
|
cgscgTUG8dseeUDe9S3EbJfWNjzaD/fiJY4mN9LgnyYJm7/qx4gZGYt4N00kJFN/5Umiqz
|
|
3dr19/23OcOSEGSwT2/8/rVUTbUzF5A44R0MxiKZK8bQYAWE1AaKKJHcdIycFr4ywqCOls
|
|
qi3exN3Roqs7AYoLDxZqFayHCjDIDMiX2/Fa9+jCkVs2FvI3pmRuQ8Zl91aaXtGFCtjNBU
|
|
AG04lWjbVTk+eA51Ks6PBrcPHpnYa5RF2cGnpkdry/SEQApY5aWnPSwg1jCpmFu/TGkau2
|
|
HuRRWqZKcn57rEpe17tfdnx9zwA1kEIxKD2SRFhjcCqZXnkr3h1ax91iSJh7n+SwpvGDfO
|
|
T7qgMv9Gcahr6Mfk+b43GCEurQpvG0KYiGO/gK8XqYFPH/vtbIHn9Z3luMcbn1cfxVbMVq
|
|
7iK+G1fUj4ynajeYR8Z9DOtD6tEBNV5UGlfCVK6BTwWKA2GS9J2WI2yIQo5fVNr+/RpbjK
|
|
Ethc84M9ONgWxuDiBRQ/M+NTxHGryXjSjRrImnJNWqs+fEgBXFzTpvMcJYzvExJXTmksbk
|
|
laKo777nhan+HHJzeeof3FtJKoOkr/ezlFrvUDqV3FKyFHQXK7VAVLEGNC8r3mvDitFmwa
|
|
XG2IaFuAZ/UpdBs2mRNS1d8Skbnjx0anHivaeW/d2sKdDi8/rf0fD9M9p1vGFR0+4n9hme
|
|
dsO56HL7Y7VK14sPvivoTxDX5IM5xuYzZFBwdK3cWivYxL5YSMKRvbJ0DTqjJcNQOWzijg
|
|
hu7N1iVvSPt5R7hOhXWbHH5t2RIj4/go5CU6fsbZh61hvSF5wimiDo2X5hWMsL5zQidpi0
|
|
aVx4TEY8rD6n1TgFbVBiqJX4rmRUm9WEhKYDY6uBvEPm/eDuEkdwUbU8lw8GPfLw/y/WVb
|
|
f4ECm+VFzIQfcyHTEwTuuiEP34/a1+G8iszU2ZDAWLMIF+heLFaVq5LB4SmsdHHzOP3TlO
|
|
3hYHFFDBkGHgfBNcvofwEmCzYgbLwWnIW53aJvs9/159aP1RpXNALbzB3H9JocucNBALmz
|
|
0LuLhjnGnH1HSQq4PIkYrQOuYu7kMWXkUvhU2NQTIYbCH3Qu5KPMYUUVrcfAiUCDhThQP1
|
|
xNV4HphMrZPPeo0Xpo1nizRmr7rjYgVdW27bAAe1kjHTBA2/7IuXgrOcOREW8gN+IYv6uk
|
|
bFLFYYCu7yQdkY8hSwtkgLc4KHWtnazkSWw2guoqaXtf5DsQfZPhl2slQNv9oq4iO8GoTW
|
|
Xg1nAlE7jMRCol+5g6rfpJLQnj39mR+fR0cLtzNp9jTdUNqybRKcO6CWrXlxHw7kQZwSJu
|
|
uNpCZ0ss936PSj92zp6eJJtNH8x3jvMY29Z3hVbA+YeOvm6DJJFteCgPI/fjkhsptCu6bK
|
|
LXgDmcpO08stA2yb7YCyNYCRmEIhNeLYQsj1Ok3Vn+C+2InUeEAWQCSx9mjMVml41DHrKg
|
|
eiDtBuV1VR4bAw2xNQ6UySmgKKXcJTQONDTyJQ4/Sd4XG7hQh10oAFDklVRLpxtx6jbCk3
|
|
rWWT4rW8oovDjlnOqR8mzRyoqkvZ+8HGBa5Grj9Vmzpuv4n/Vp/zZcPLpLS5H2Zf/aOXGI
|
|
/iPqRWyALEeoBihE1AT6tBoPqD/Q3Wbk21ERXwJhl/TImhvygka6mWbKKXOw86+kMVSJal
|
|
a/4hU9+qo8zSqwEbf5FHDL3ASvfP4XA95wQPTXd3sGh2nUA1N3zHZk9Aa11pNWqjMEXEM0
|
|
oeLOYC6isexmY1LRS1mW2tRRpMuIbGYUPcJfjxvPDtJT/ryXM0MuraNaavyYJ0n6DsaAqI
|
|
HbBhceo3+oM4HskKavovJp2doHyPMCFh4myaTCHCVgztgRvfa+QC02ri8R+IQ1EkHneaIv
|
|
i2mo4+6qZ25xUBQ6ZrOpLU2s6fT5th4/fgqnZWyBjs+1MwNFfVHnTn7InPA4yac/ODQ4Po
|
|
ItL1DDp3daoOY7EnohTbdJDkiPfukXgqkN4y9KsiYBr3sZD8xqKS5C4vi2nKrOmUsSfp+R
|
|
UyttjDt84I+ZHSaSILzu7X1OYVFSPmPkG80nFU/Tp/c3DASxJYcVQT7F8X9RuqmejlzVms
|
|
evF9rs0OiSYAJAOrh6Qi5CKm+xGGtbt9sl+v/trSR/10GyRhqjuWEjQhQq8Q3s7+AMALN6
|
|
ZnrXZl+8QIW1MSvaaQFmJFqTs=
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
</pre></td></tr></tbody></table></code></pre>
|
|
</div>
|
|
</div>
|
|
<div class="listingblock">
|
|
<div class="title">Structure Reference (Hex) (Decoded Base64)</div>
|
|
<div class="content">
|
|
<pre class="rouge highlight"><code data-lang="text"><table class="linenotable"><tbody><tr><td class="linenos gl"><pre class="lineno"> 1
|
|
2
|
|
3
|
|
4
|
|
5
|
|
6
|
|
7
|
|
8
|
|
9
|
|
10
|
|
11
|
|
12
|
|
13
|
|
14
|
|
15
|
|
16
|
|
17
|
|
18
|
|
19
|
|
20
|
|
21
|
|
22
|
|
23
|
|
24
|
|
25
|
|
26
|
|
27
|
|
28
|
|
29
|
|
30
|
|
31
|
|
32
|
|
33
|
|
34
|
|
35
|
|
36
|
|
37
|
|
38
|
|
39
|
|
40
|
|
41
|
|
42
|
|
43
|
|
44
|
|
45
|
|
46
|
|
47
|
|
48
|
|
49
|
|
50
|
|
51
|
|
52
|
|
53
|
|
54
|
|
55
|
|
56
|
|
57
|
|
58
|
|
59
|
|
60
|
|
61
|
|
62
|
|
63
|
|
64
|
|
65
|
|
66
|
|
67
|
|
68
|
|
69
|
|
70
|
|
71
|
|
72
|
|
73
|
|
74
|
|
75
|
|
76
|
|
77
|
|
78
|
|
79
|
|
80
|
|
81
|
|
82
|
|
83
|
|
84
|
|
85
|
|
86
|
|
87
|
|
88
|
|
89
|
|
90
|
|
91
|
|
92
|
|
93
|
|
</pre></td><td class="code"><pre>0.0 6f70656e7373682d6b65792d763100 ("openssh-key-v1" + 0x00)
|
|
1.0 0000000a (10)
|
|
1.0.0 6165733235362d637472 ("aes256-ctr")
|
|
2.0 00000006 (6)
|
|
2.0.0 626372797074 ("bcrypt")
|
|
3.0 00000018 (24)
|
|
3.0.0 00000010 (16)
|
|
3.0.0.0 07d4b07c0b128348916488008d6e130b (bytes)
|
|
3.0.1 00000064 (100)
|
|
4.0 00000001 (1)
|
|
4.0.0 00000217 (535)
|
|
4.0.0.0 00000007 (7)
|
|
4.0.0.0.0 7373682d727361 ("ssh-rsa")
|
|
4.0.0.1 00000003 (3)
|
|
4.0.0.1.0 010001 (65537)
|
|
4.0.0.2 00000201 (513)
|
|
4.0.0.2.0 00b7cec04601ce2a12f0c924cb9a30eb990066812cb14369193f30b2b9fdd4af
|
|
cb300c918f2a77d64410f3617ae7c8ca318c257d3c4df4e2c4108bbbe93a8689
|
|
4ba14b3575f2f72150bc381dcbfb742c7a196866fd3184ace96761adda0fc299
|
|
2f6c866d7569919fc22d9c4bf0de405a8c76d519aa2a5329dc6825777229a5d0
|
|
b753a7825a89b95275f9c025e215343c6c88cd6690a221f8ae9ef675ee464dc7
|
|
d118da410507ea5d6b6489dd60afd8a6646492db3e279f1a78240db8abbda6c5
|
|
0714c9636650a72081e7fa5d472c1428b07eae5d15b64ea1e2a7508512fe9ab6
|
|
55f86a313486d3cca1dd8e90acc5c9fba4d6e767507fbab9f3a7f68c748142af
|
|
2a3701d31a8a9b7511958aa77187ba702ed934d385afcee42380e95e0e7e9bc0
|
|
f4d23367fc770374167b7f0926fb6fdb6d05aad1cfd191824845b014e18153bf
|
|
0d1d3c3b1fadbb25a3f1d151f9b684633d8c1690fcd8cad05aac2aeb23dbf19a
|
|
37e480a008910319c116d47bd924b39942543b88a0f6127952b2d8e1290f3029
|
|
f542aebe9c0c8e36cf3296865cd6643c8924d566ebf4971809399a1ac096fe1e
|
|
dc3b5f871bf5ef0b4d44e0ea27620d205142e0bfcf677b4db025532121a3f074
|
|
5aa4d0586331733257855a5cecbe3ac4403d04ff0cc0c58b7c04904b402125c2
|
|
bc2a63a20ebb309cc6f3e65db301a058b8dace07e71b38f3f3595433f69b198f
|
|
07 (bytes)
|
|
4.0.1 00000750 (1872)
|
|
4.0.1.0 966e2ce435242fef09787f6e8d93a563092e3f3bc986b44198c81e8049c5c944
|
|
419effc0521401dc1ef5bc0e4d6aedeb7d05880bc3f731698b9bceeceae08e5e
|
|
05f79f4d22de953c899c3271850e80e804f9b1a79bcec31bba11c08db60f9bd2
|
|
206bc3d7bfef74895e4f4e3720649f924544f4a2cea5b9dfb9cc0a2bd8f3ba70
|
|
f4ba2e7f42960465c9eade118630f9c832fe84ef548529979d0d6ea079f9d5c4
|
|
0e396b098fc509448d26de3cb484b0334afacaba371b52c37c120a5623170c1d
|
|
0a39348a151c9fb8aab1049f52cf0c08c77144af314259a90848f3dc62e5831f
|
|
ac08720b1c813506f1db1e7940def52dc46c97d6363cda0ff7e2258e2637d2e0
|
|
9f26099bbfeac78819198b78374d2424537fe549a2ab3dddaf5f7fdb739c3921
|
|
064b04f6ffcfeb5544db533179038e11d0cc622992bc6d0600584d4068a2891d
|
|
c748c9c16be32c2a08e96caa2ddec4ddd1a2ab3b018a0b0f166a15ac870a30c8
|
|
0cc897dbf15af7e8c2915b3616f237a6646e43c665f7569a5ed1850ad8cd0540
|
|
06d389568db55393e780e752ace8f06b70f1e99d86b9445d9c1a7a6476bcbf48
|
|
4400a58e5a5a73d2c20d630a9985bbf4c691abb61ee4515aa64a727e7bac4a5e
|
|
d7bb5f767c7dcf0035904231283d92445863702a995e792bde1d5ac7dd624898
|
|
7b9fe4b0a6f1837ce4fbaa032ff4671a86be8c7e4f9be3718212ead0a6f1b429
|
|
88863bf80af17a9814f1ffbed6c81e7f59de5b8c71b9f571fc556cc56aee22be
|
|
1b57d48f8ca76a379847c67d0ceb43ead101355e541a57c254ae814f058a0361
|
|
92f49d96236c88428e5f54dafefd1a5b8ca12d85cf3833d38d816c6e0e205143
|
|
f33e353c471abc978d28d1ac89a724d5aab3e7c48015c5cd3a6f31c258cef131
|
|
2574e692c6e495a2a8efbee785a9fe1c727379ea1fdc5b492a83a4aff7b3945a
|
|
ef503a95dc52b21474172bb54054b106342f2bde6bc38ad166c1a5c6d88685b8
|
|
067f529741b36991352d5df1291b9e3c746a71e2bda796fdddac29d0e2f3fadf
|
|
d1f0fd33da75bc6151d3ee27f6199e76c3b9e872fb63b54ad78b0fbe2be84f10
|
|
d7e48339c6e63364507074addc5a2bd8c4be5848c291bdb2740d3aa325c35039
|
|
6ce28e086eecdd6256f48fb7947b84e85759b1c7e6dd91223e3f828e4253a7ec
|
|
6d987ad61bd2179c229a20e8d97e6158cb0be734227698b4695c784c463cac3e
|
|
a7d538056d5062a895f8ae64549bd58484a60363ab81bc43e6fde0ee12477051
|
|
b53c970f063df2f0ff2fd655b7f81029be545cc841f7321d31304eeba210fdf8
|
|
fdad7e1bc8accd4d990c058b30817e85e2c5695ab92c1e129ac7471f338fdd39
|
|
4ede16071450c19061e07c135cbe87f01260b36206cbc169c85b9dda26fb3dff
|
|
5e7d68fd51a573402dbcc1dc7f49a1cb9c34100b9b3d0bb8b8639c69c7d47490
|
|
ab83c8918ad03ae62eee43165e452f854d8d4132186c21f742ee4a3cc614515a
|
|
dc7c08940838538503f5c4d5781e984cad93cf7a8d17a68d678b3466afbae362
|
|
055d5b6edb0007b59231d3040dbfec8b9782b39c391116f2037e218bfaba46c5
|
|
2c56180aeef241d918f214b0b6480b7382875ad9dace4496c3682ea2a697b5fe
|
|
43b107d93e1976b2540dbfda2ae223bc1a84d65e0d6702513b8cc442a25fb983
|
|
aadfa492d09e3dfd991f9f47470bb73369f634dd50dab26d129c3ba096ad7971
|
|
1f0ee4419c1226eb8da42674b2cf77e8f4a3f76ce9e9e249b4d1fcc778ef318d
|
|
bd6778556c0f9878ebe6e8324916d78280f23f7e3921b29b42bba6ca2d780399
|
|
ca4ed3cb2d036c9bed80b235809198422135e2d842c8f53a4dd59fe0bed889d4
|
|
7840164024b1f668cc566978d431eb2a07a20ed06e575551e1b030db1350e94c
|
|
929a028a5dc25340e3434f2250e3f49de171bb850875d280050e495544ba71b7
|
|
1ea36c2937ad6593e2b5bca28bc38e59cea91f26cd1ca8aa4bd9fbc1c605ae46
|
|
ae3f559b3a6ebf89ff569ff365c3cba4b4b91f665ffda397188fe23ea456c802
|
|
c47a8062844d404fab41a0fa83fd0dd66e4db51115f026197f4c89a1bf28246b
|
|
a9966ca2973b0f3afa43154896a56bfe2153dfaaa3ccd2ab011b7f91470cbdc0
|
|
4af7cfe1703de7040f4d7777b068769d4035377cc7664f406b5d69356aa33045
|
|
c4334a1e2ce602ea2b1ec666352d14b5996dad451a4cb886c66143dc25f8f1bc
|
|
f0ed253febc9733432eada35a6afc982749fa0ec680a881db06171ea37fa8338
|
|
1ec90a6afa2f269d9da07c8f302161e26c9a4c21c2560ced811bdf6be402d36a
|
|
e2f11f884351241e779a22f8b69a8e3eeaa676e7150143a66b3a92d4dace9f4f
|
|
9b61e3f7e0aa7656c818ecfb53303457d51e74e7ec89cf038c9a73f3834383e8
|
|
22d2f50c3a7775aa0e63b127a214db7490e488f7ee91782a90de32f4ab22601a
|
|
f7b190fcc6a292e42e2f8b69caace994b127e9f91532b6d8c3b7ce08f991d269
|
|
220bceeed7d4e6151523e63e41bcd27154fd3a7f7370c04b1258715413ec5f17
|
|
f51baa99e8e5cd59ac7af17daecd0e8926002403ab87a422e422a6fb1186b5bb
|
|
7db25faffedad247fd741b2461aa3b9612342142af10decefe00c00b37a667ad
|
|
7665fbc4085b5312bda690166245a93b (AES256-CTR encrypted block) (bytes)
|
|
</pre></td></tr></tbody></table></code></pre>
|
|
</div>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<div class="title">Note</div>
|
|
</td>
|
|
<td class="content">
|
|
<div class="paragraph">
|
|
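<p>The decrypted <strong>4.0.1.0</strong> should match the <a href="#struct_rsa_plain">plaintext key’s structure</a> for <strong>4.0.1.0</strong> through <strong>4.0.1.10</strong>. The padding length can differ between the two, however, unless using a cipher with an 8-byte block size: the padding aligns the private key to the cipher’s block size, so a larger block size may need more padding bytes. (In this example <strong>4.0.1</strong> is 1872 bytes in both keys, which is already a multiple of the 16-byte AES block size, so the padding length happens to be the same.)</p>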
|
|
</div>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p>When <strong>4.0.1.0</strong> is decrypted, it yields:</p>
|
|
</div>
|
|
<div class="listingblock">
|
|
<div class="title">Decrypted <strong>4.0.1.0</strong></div>
|
|
<div class="content">
|
|
<pre class="rouge highlight"><code data-lang="text"><table class="linenotable"><tbody><tr><td class="linenos gl"><pre class="lineno"> 1
|
|
2
|
|
3
|
|
4
|
|
5
|
|
6
|
|
7
|
|
8
|
|
9
|
|
10
|
|
11
|
|
12
|
|
13
|
|
14
|
|
15
|
|
16
|
|
17
|
|
18
|
|
19
|
|
20
|
|
21
|
|
22
|
|
23
|
|
24
|
|
25
|
|
26
|
|
27
|
|
28
|
|
29
|
|
30
|
|
31
|
|
32
|
|
33
|
|
34
|
|
35
|
|
36
|
|
37
|
|
38
|
|
39
|
|
40
|
|
41
|
|
42
|
|
43
|
|
44
|
|
45
|
|
46
|
|
47
|
|
48
|
|
49
|
|
50
|
|
51
|
|
52
|
|
53
|
|
54
|
|
55
|
|
56
|
|
57
|
|
58
|
|
59
|
|
60
|
|
61
|
|
62
|
|
63
|
|
64
|
|
65
|
|
66
|
|
67
|
|
68
|
|
69
|
|
70
|
|
71
|
|
72
|
|
73
|
|
</pre></td><td class="code"><pre>4.0.1.0 0d98bd61 (228113761)
|
|
4.0.1.1 0d98bd61 (228113761)
|
|
4.0.1.2 00000007 (7)
|
|
4.0.1.2.0 7373682d727361 ("ssh-rsa")
|
|
4.0.1.3 00000201 (513)
|
|
4.0.1.3.0 00b7cec04601ce2a12f0c924cb9a30eb990066812cb14369193f30b2b9fdd4af
|
|
cb300c918f2a77d64410f3617ae7c8ca318c257d3c4df4e2c4108bbbe93a8689
|
|
4ba14b3575f2f72150bc381dcbfb742c7a196866fd3184ace96761adda0fc299
|
|
2f6c866d7569919fc22d9c4bf0de405a8c76d519aa2a5329dc6825777229a5d0
|
|
b753a7825a89b95275f9c025e215343c6c88cd6690a221f8ae9ef675ee464dc7
|
|
d118da410507ea5d6b6489dd60afd8a6646492db3e279f1a78240db8abbda6c5
|
|
0714c9636650a72081e7fa5d472c1428b07eae5d15b64ea1e2a7508512fe9ab6
|
|
55f86a313486d3cca1dd8e90acc5c9fba4d6e767507fbab9f3a7f68c748142af
|
|
2a3701d31a8a9b7511958aa77187ba702ed934d385afcee42380e95e0e7e9bc0
|
|
f4d23367fc770374167b7f0926fb6fdb6d05aad1cfd191824845b014e18153bf
|
|
0d1d3c3b1fadbb25a3f1d151f9b684633d8c1690fcd8cad05aac2aeb23dbf19a
|
|
37e480a008910319c116d47bd924b39942543b88a0f6127952b2d8e1290f3029
|
|
f542aebe9c0c8e36cf3296865cd6643c8924d566ebf4971809399a1ac096fe1e
|
|
dc3b5f871bf5ef0b4d44e0ea27620d205142e0bfcf677b4db025532121a3f074
|
|
5aa4d0586331733257855a5cecbe3ac4403d04ff0cc0c58b7c04904b402125c2
|
|
bc2a63a20ebb309cc6f3e65db301a058b8dace07e71b38f3f3595433f69b198f
|
|
07 (bytes)
|
|
4.0.1.4 00000003 (3)
|
|
4.0.1.4.0 010001 (65537)
|
|
4.0.1.5 00000200 (512)
|
|
4.0.1.5.0 499f2c705e04bfe17a4476d27e5e1ddfd8c335f63ac22f748754f02183440f6d
|
|
a93f3f86429261663e0bddfda69d4c2f705d0bbe7dd31a8941bf5672e29844a1
|
|
e0670970c6f2a98b76f85b26fafedb59c49786b8df7eaeeb86171fd579fe8df0
|
|
eadd2536a4244a0332d5a9ad3eb8340c930464153e82b4ffad4f647a7ba808e3
|
|
854450f806b60e0b670fc99cb6b58786497d4c199e7750ee5089934eef25f465
|
|
12394955c487e10744ebdb9a00951c8095b024d4ce75f1da3146b5b3447169f5
|
|
9e23d40685438bc7bcad1173927a389a0903ba111a46809d123b3432197cca8f
|
|
c0c27816fbf215c2b7c584b94f37c9ed8a8e815942effdcf54757268afe58fd7
|
|
00cdcf6a98a20950617b0624aa835d95e27d7afcdee70c397ca1b6aa04735e6d
|
|
5c5e01bfff2174cf562d36842624490e12ca8142595d52567494f38b2124012c
|
|
acacb2564e21c845eb94f5d6ebf6f39066e1fa04b318174e6f9994823ba4d9ef
|
|
2c28b37cb3ea05fa3cad7200898394276835523e4e416054f23db0eb732211d3
|
|
a11ea551390ae8d58d69e14664e0e20f2bf0ccd24d260b832a94144f5801ea7c
|
|
dbb2436f21ba2dbaecbcd573f24c5e0d43fd26b4ae6764e138ddaf4775ac0163
|
|
e45727c10027f716cbe3cc70fff73441bb2538e5426a1a5638b448a7bde96804
|
|
1ec2184ef67b0da60070297cd73deeefebd1951611c7a776c956e18e5f163a21 (bytes)
|
|
4.0.1.6 00000100 (256)
|
|
4.0.1.6.0 0ae2e1cf2455a0d82272e6a42bbba83eb765496e5a33e13b8c94756d8c32f7d7
|
|
505fd997bdd5ec08c59bf8d1d659d1df02bec669ebb5aaaf5db1ec70ce2f2a6b
|
|
3a17b7b1fce3adc6203c2905cd652d7622065dd011ae33894467c6dca3643952
|
|
b0caedff9bc78ac40408074027566ee4c4751ad3ff452a2781af8b5c2c9bf09b
|
|
34ee5e6201330b4bc381af766798667c5b9ad0733c19f4ef475fd264655e0305
|
|
53f2f2f8de59c2aee74b9dd6720e3108143dfedd41cf4bc11de2b9a9f40faec7
|
|
2a52312abee4c6155acfee9384a16348c715346ebe693895fe6d2348d4dedb0a
|
|
137c487185ff949c209115b9c8a106329991f049e8430c7ba60dd5408d72ac98 (bytes)
|
|
4.0.1.7 00000101 (257)
|
|
4.0.1.7.0 00e50b65ba6ae4cb29ae66129c3e41ffeba36cd6ecbaa7045ff90cea71d09bc0
|
|
56b0b9134dc5754c49da1fe8ab169cd149eedaeccf4913d915f4f241c5fd86c7
|
|
7511e0c261c344600a84cce78e8cf493e492844cb82c42ab6d1246a53e5cf50a
|
|
d4759c2a5c09d53b1c5c3b449328eea01434d6e537b3a513928dfaddf0a72728
|
|
23899b8d795220cb3344ab8d0e846e1e40ffdfb5c719262c2b527a890a51faab
|
|
cf10904699135f7b997487f4b48d4490ad80fc25b346fa0bb587f09295bf0f71
|
|
ac10a8086867d4bad00a0c27a6456f08e0c2bf8caed8768f0366a2440428180a
|
|
292617af61feabab9a7075b8bc21209a5439bbfe3613917071fee74a8d5d80fe
|
|
99 (bytes)
|
|
4.0.1.8 00000101 (257)
|
|
4.0.1.8.0 00cd7077659fad983104bcc7dc526242b9ea52cea40e923df771ac2a28e377f2
|
|
b9231a58c2448c6b8d17fe83571ef6bdbbc11f3d4ab4254ea859684b8772911f
|
|
9c6f355479053e3e3d3a6ecce13a016908298ca3f8b628d2111749a3627628eb
|
|
05844f546795a5067d39b1d304e19cc6fc1be00a6164ea33e4abbc87f5683227
|
|
1d825c868c5ccda3775b037711e99436f96c53f3780b985084e1d84a458c687a
|
|
b0938a09bf6f9b3ffec41ed02fd5b27572c7d180039e405a559b62fc08f804b1
|
|
9f043dba4c6f7565b1c72759f4b932d4f93d4f41da91b1b146f29854a1008341
|
|
e4760bdd4987097ec4a6551ab96e099a04a38d6a893b533db185abb55736419e
|
|
9f (bytes)
|
|
4.0.1.9 00000018 (24)
|
|
4.0.1.9.0 54686973206973206120636f6d6d656e7420737472696e67 ("This is a comment string")
|
|
4.0.1.10 010203 ([1 2 3], 3 bytes)
|
|
</pre></td></tr></tbody></table></code></pre>
|
|
</div>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p>See the <a href="#struct_rsa_plain">plaintext structure</a> for details.</p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="sect2">
|
|
<h3 id="ed25519"><a class="link" href="#ed25519">3.2. ED25519</a></h3>
|
|
<div class="paragraph">
|
|
<p>ED25519<sup class="footnote">[<a id="_footnoteref_4" class="footnote" href="#_footnotedef_4" title="View footnote.">4</a>]</sup> is a relatively new OpenSSH key algorithm. It has numerous benefits over e.g. RSA, including:</p>
|
|
</div>
|
|
<div class="ulist">
|
|
<ul>
|
|
<li>
|
|
<p>fixed key sizes, so fixed pubkey sizes</p>
|
|
<div class="ulist">
|
|
<ul>
|
|
<li>
|
|
<p>and significantly shorter pubkeys, yet-</p>
|
|
</li>
|
|
</ul>
|
|
</div>
|
|
</li>
|
|
<li>
|
|
<p>strength comparable to RSA4096, but-</p>
|
|
<div class="ulist">
|
|
<ul>
|
|
<li>
|
|
<p>much faster</p>
|
|
</li>
|
|
</ul>
|
|
</div>
|
|
</li>
|
|
<li>
|
|
<p>public domain and <a href="https://ed25519.cr.yp.to/" target="_blank" rel="noopener">developed by independent researchers</a>; not tied to a specific corporation (i.e. nothing like <a href="https://en.wikipedia.org/wiki/RSA_Security" target="_blank" rel="noopener">RSA</a>)</p>
|
|
</li>
|
|
</ul>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p>I recommend it over all other key types for new SSH keys as long as it’s supported by clients/servers.</p>
|
|
</div>
|
|
<div class="sect3">
|
|
<h4 id="public_2"><a class="link" href="#public_2">3.2.1. Public</a></h4>
|
|
<div class="sect4">
|
|
<h5 id="structure_2"><a class="link" href="#structure_2">3.2.1.1. Structure</a></h5>
|
|
<div class="paragraph">
|
|
<p>Public keys are stored in the following structure:</p>
|
|
</div>
|
|
<div class="listingblock">
|
|
<div class="title">Key Structure</div>
|
|
<div class="content">
|
|
<pre class="rouge highlight"><code data-lang="text"><table class="linenotable"><tbody><tr><td class="linenos gl"><pre class="lineno">1
|
|
2
|
|
3
|
|
4
|
|
</pre></td><td class="code"><pre>0.0 uint32 allocator for 0.0.0 (4 bytes)
|
|
0.0.0 Public key key type string (ASCII bytes)
|
|
1.0 uint32 allocator for 1.0.0 (4 bytes)
|
|
1.0.0 Public key payload (bytes)
|
|
</pre></td></tr></tbody></table></code></pre>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="sect4">
|
|
<h5 id="example_2"><a class="link" href="#example_2">3.2.1.2. Example</a></h5>
|
|
<div class="listingblock">
|
|
<div class="title"><code>id_ed25519.pub</code> Format</div>
|
|
<div class="content">
|
|
<pre class="rouge highlight"><code data-lang="text"><table class="linenotable"><tbody><tr><td class="linenos gl"><pre class="lineno">1
|
|
</pre></td><td class="code"><pre>ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQ4i8lzaE3WaFcTESK/8hLJg7umsWLE6XzRH3PDnZew This is a test key
|
|
</pre></td></tr></tbody></table></code></pre>
|
|
</div>
|
|
</div>
|
|
<div class="listingblock">
|
|
<div class="title">Structure Reference (Hex) (Decoded Base64 component only; <code>AAA…​nZew</code>)</div>
|
|
<div class="content">
|
|
<pre class="rouge highlight"><code data-lang="text"><table class="linenotable"><tbody><tr><td class="linenos gl"><pre class="lineno">1
|
|
2
|
|
3
|
|
4
|
|
</pre></td><td class="code"><pre>0.0 0000000b (11)
|
|
0.0.0 7373682d65643235353139 ("ssh-ed25519")
|
|
1.0 00000020 (32)
|
|
1.0.0 44388bc973684dd66857131122bff212c983bba6b162c4e97cd11f73c39d97b0 (bytes)
|
|
</pre></td></tr></tbody></table></code></pre>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="sect3">
|
|
<h4 id="private_2"><a class="link" href="#private_2">3.2.2. Private</a></h4>
|
|
<div class="sect4">
|
|
<h5 id="legacy_2"><a class="link" href="#legacy_2">3.2.2.1. Legacy</a></h5>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<div class="title">Note</div>
|
|
</td>
|
|
<td class="content">
|
|
<div class="paragraph">
|
|
<p>ED25519 has no legacy format, as it was introduced <strong>after</strong> the introduction of the new key format.</p>
|
|
</div>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect4">
|
|
<h5 id="v1_plain_2"><a class="link" href="#v1_plain_2">3.2.2.2. v1 (Plain)</a></h5>
|
|
<div class="admonitionblock tip">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<div class="title">Tip</div>
|
|
</td>
|
|
<td class="content">
|
|
<div class="paragraph">
|
|
<p>Since plaintext/unencrypted keys do not have a cipher or KDF (as there’s no encryption key or algorithm used), they use the string "none" to identify these (and entirely leave out the KDF options).</p>
|
|
</div>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<div class="sect5">
|
|
<h6 id="struct_ed25519_plain"><a class="link" href="#struct_ed25519_plain">3.2.2.2.1. Structure</a></h6>
|
|
<div class="listingblock">
|
|
<div class="content">
|
|
<pre class="rouge highlight"><code data-lang="text"><table class="linenotable"><tbody><tr><td class="linenos gl"><pre class="lineno"> 1
|
|
2
|
|
3
|
|
4
|
|
5
|
|
6
|
|
7
|
|
8
|
|
9
|
|
10
|
|
11
|
|
12
|
|
13
|
|
14
|
|
15
|
|
16
|
|
17
|
|
18
|
|
19
|
|
20
|
|
21
|
|
22
|
|
23
|
|
24
|
|
</pre></td><td class="code"><pre>0.0 "openssh-key-v1" string plus terminating nullbyte (15 bytes)
|
|
1.0 uint32 allocator for 1.0.0 (4 bytes)
|
|
1.0.0 cipher name string (ASCII bytes)
|
|
2.0 uint32 allocator for 2.0.0 (4 bytes)
|
|
2.0.0 KDF name string (ASCII bytes)
|
|
3.0 uint32 allocator for KDF options (3.0.0 to 3.0.1) (4 bytes) (ALWAYS 0 for unencrypted keys, so no following substructure)
|
|
4.0 uint32 counter for # of keys (4 bytes)
|
|
4.0.0 uint32 allocator for public key #n (4.0.0.0 to 4.0.0.1) (4 bytes)
|
|
4.0.0.0 uint32 allocator for 4.0.0.0.0 (4 bytes)
|
|
4.0.0.0.0 public key #n keytype string (ASCII bytes)
|
|
4.0.0.1 uint32 allocator for 4.0.0.1.0 (4 bytes)
|
|
4.0.0.1.0 public key #n payload (bytes)
|
|
4.0.1 uint32 allocator for private key structure #n (4.0.1.0 to 4.0.1.6, i.e. including the padding) (4 bytes)
|
|
4.0.1.0 uint32 decryption "checksum" #1 (should match 4.0.1.1) (4 bytes)
|
|
4.0.1.1 uint32 decryption "checksum" #2 (should match 4.0.1.0) (4 bytes)
|
|
4.0.1.2 Copy of 4.0.0.0; allocator for 4.0.1.2.0 (4 bytes)
|
|
4.0.1.2.0 Copy of 4.0.0.0.0 (ASCII bytes)
|
|
4.0.1.3 Copy of 4.0.0.1; allocator for 4.0.1.3.0 (4 bytes)
|
|
4.0.1.3.0 Copy of 4.0.0.1.0 (bytes)
|
|
4.0.1.4 uint32 allocator for 4.0.1.4.0 (4 bytes)
|
|
4.0.1.4.0 Private key #n (bytes)
|
|
4.0.1.5 uint32 allocator for 4.0.1.5.0 (4 bytes)
|
|
4.0.1.5.0 comment for key #n string (ASCII bytes)
|
|
4.0.1.6 sequential padding
|
|
</pre></td></tr></tbody></table></code></pre>
|
|
</div>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<div class="title">Note</div>
|
|
</td>
|
|
<td class="content">
|
|
<div class="paragraph">
|
|
<p><strong>Chunk 3.0.0 to 3.0.1:</strong> These blocks are not present in unencrypted keys (see the <a href="#struct_ed25519_crypt">encrypted key structure</a> for what these look like). <strong>3.0</strong> reflects this, as it’s always going to be <code>00000000</code> (0).</p>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p><strong>Chunk 4.0:</strong> This is technically currently unused; upstream hardcodes to 1 (left zero-padded <code>0x01</code>).</p>
|
|
</div>
|
|
<div class="paragraph">
|
|
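<p><strong>Chunk 4.0.1.4.0:</strong> This is a 64-byte block for ED25519: the first half (<code>[:32]</code>) is the private seed, and the second half of the private key (<code>[32:]</code>) is always the same as the public key, so a parser can verify it against <strong>4.0.1.3.0</strong>.</p>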
|
|
</div>
|
|
<div class="paragraph">
|
|
<p><strong>Chunk 4.0.1.6:</strong> The padding used aligns the private key (<strong>4.0.1.0</strong> to <strong>4.0.1.5.0</strong>) to the cipher blocksize. For plaintext keys, a blocksize of 8 is used.</p>
|
|
</div>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect5">
|
|
<h6 id="bytes_ed25519_plain"><a class="link" href="#bytes_ed25519_plain">3.2.2.2.2. Example</a></h6>
|
|
<div class="listingblock">
|
|
<div class="title"><code>id_ed25519</code> Format</div>
|
|
<div class="content">
|
|
<pre class="rouge highlight"><code data-lang="text"><table class="linenotable"><tbody><tr><td class="linenos gl"><pre class="lineno">1
|
|
2
|
|
3
|
|
4
|
|
5
|
|
6
|
|
7
|
|
</pre></td><td class="code"><pre>-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
|
|
QyNTUxOQAAACBEOIvJc2hN1mhXExEiv/ISyYO7prFixOl80R9zw52XsAAAAJjPbUqwz21K
|
|
sAAAAAtzc2gtZWQyNTUxOQAAACBEOIvJc2hN1mhXExEiv/ISyYO7prFixOl80R9zw52XsA
|
|
AAAEBqSF+KwoLTOqI6+TnpcaZY4ckcamLrBF8CvtJbNZflJ0Q4i8lzaE3WaFcTESK/8hLJ
|
|
g7umsWLE6XzRH3PDnZewAAAAElRoaXMgaXMgYSB0ZXN0IGtleQECAw==
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
</pre></td></tr></tbody></table></code></pre>
|
|
</div>
|
|
</div>
|
|
<div class="listingblock">
|
|
<div class="title">Structure Reference (Hex) (Decoded Base64)</div>
|
|
<div class="content">
|
|
<pre class="rouge highlight"><code data-lang="text"><table class="linenotable"><tbody><tr><td class="linenos gl"><pre class="lineno"> 1
|
|
2
|
|
3
|
|
4
|
|
5
|
|
6
|
|
7
|
|
8
|
|
9
|
|
10
|
|
11
|
|
12
|
|
13
|
|
14
|
|
15
|
|
16
|
|
17
|
|
18
|
|
19
|
|
20
|
|
21
|
|
22
|
|
23
|
|
24
|
|
25
|
|
26
|
|
27
|
|
28
|
|
29
|
|
</pre></td><td class="code"><pre>0.0 6f70656e7373682d6b65792d763100 ("openssh-key-v1" + 0x00)
|
|
1.0 00000004 (4)
|
|
1.0.0 6e6f6e65 ("none")
|
|
2.0 00000004 (4)
|
|
2.0.0 6e6f6e65 ("none")
|
|
3.0 00000000 (0)
|
|
4.0 00000001 (1)
|
|
4.0.0 00000033 (51)
|
|
4.0.0.0 0000000b (11)
|
|
4.0.0.0.0 7373682d65643235353139 ("ssh-ed25519")
|
|
4.0.0.1 00000020 (32)
|
|
4.0.0.1.0 44388bc973684dd66857131122bff212
|
|
c983bba6b162c4e97cd11f73c39d97b0 (bytes)
|
|
4.0.1 00000098 (152)
|
|
4.0.1.0 cf6d4ab0 (3480046256)
|
|
4.0.1.1 cf6d4ab0 (3480046256)
|
|
4.0.1.2 0000000b (11)
|
|
4.0.1.2.0 7373682d65643235353139 ("ssh-ed25519")
|
|
4.0.1.3 00000020 (32)
|
|
4.0.1.3.0 44388bc973684dd66857131122bff212
|
|
c983bba6b162c4e97cd11f73c39d97b0 (bytes)
|
|
4.0.1.4 00000040 (64)
|
|
4.0.1.4.0 6a485f8ac282d33aa23af939e971a658
|
|
e1c91c6a62eb045f02bed25b3597e527
|
|
44388bc973684dd66857131122bff212
|
|
c983bba6b162c4e97cd11f73c39d97b0 (bytes)
|
|
4.0.1.5 00000012 (18)
|
|
4.0.1.5.0 5468697320697320612074657374206b6579 ("This is a test key")
|
|
4.0.1.6 010203 ([1 2 3], 3 bytes)
|
|
</pre></td></tr></tbody></table></code></pre>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="sect4">
|
|
<h5 id="v1_encrypted_2"><a class="link" href="#v1_encrypted_2">3.2.2.3. v1 (Encrypted)</a></h5>
|
|
<div class="admonitionblock tip">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<div class="title">Tip</div>
|
|
</td>
|
|
<td class="content">
|
|
<div class="paragraph">
|
|
<p>Currently, the only supported KDF is <strong>bcrypt_pbkdf</strong> (<code>bcrypt</code>).</p>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p>See the following for more details:</p>
|
|
</div>
|
|
<div class="ulist">
|
|
<ul>
|
|
<li>
|
|
<p><a href="https://flak.tedunangst.com/post/new-openssh-key-format-and-bcrypt-pbkdf" class="bare">https://flak.tedunangst.com/post/new-openssh-key-format-and-bcrypt-pbkdf</a></p>
|
|
</li>
|
|
<li>
|
|
<p><a href="http://www.tedunangst.com/flak/post/bcrypt-pbkdf" class="bare">http://www.tedunangst.com/flak/post/bcrypt-pbkdf</a></p>
|
|
</li>
|
|
<li>
|
|
<p><a href="https://www.usenix.org/legacy/events/usenix99/provos/provos_html/node1.html" class="bare">https://www.usenix.org/legacy/events/usenix99/provos/provos_html/node1.html</a></p>
|
|
</li>
|
|
<li>
|
|
<p><a href="https://datatracker.ietf.org/doc/html/rfc2898" class="bare">https://datatracker.ietf.org/doc/html/rfc2898</a></p>
|
|
</li>
|
|
</ul>
|
|
</div>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<div class="admonitionblock tip">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<div class="title">Tip</div>
|
|
</td>
|
|
<td class="content">
|
|
<div class="paragraph">
|
|
<p>You can get a list of supported ciphers (<strong>1.0.0</strong>) via <code>ssh -Q cipher</code> on most systems.
|
|
Note that <strong>1.0.0</strong> has nothing to do with SSH connections themselves; it’s <strong>only</strong> for the encryption of <strong>4.0.1</strong>.</p>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p>This is likely going to be:</p>
|
|
</div>
|
|
<div class="ulist">
|
|
<ul>
|
|
<li>
|
|
<p><code>3des-cbc</code></p>
|
|
</li>
|
|
<li>
|
|
<p><code>aes128-cbc</code></p>
|
|
</li>
|
|
<li>
|
|
<p><code>aes192-cbc</code></p>
|
|
</li>
|
|
<li>
|
|
<p><code>aes256-cbc</code></p>
|
|
</li>
|
|
<li>
|
|
<p><code>rijndael-cbc@lysator.liu.se</code> <em>(may not be present on all systems)</em></p>
|
|
</li>
|
|
<li>
|
|
<p><code>aes128-ctr</code></p>
|
|
</li>
|
|
<li>
|
|
<p><code>aes192-ctr</code></p>
|
|
</li>
|
|
<li>
|
|
<p><code>aes256-ctr</code></p>
|
|
</li>
|
|
<li>
|
|
<p><code>aes128-gcm@openssh.com</code></p>
|
|
</li>
|
|
<li>
|
|
<p><code>aes256-gcm@openssh.com</code></p>
|
|
</li>
|
|
<li>
|
|
<p><code>chacha20-poly1305@openssh.com</code></p>
|
|
</li>
|
|
</ul>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p>The author recommends using <code>aes256-ctr</code>. It is currently the upstream default.</p>
|
|
</div>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<div class="sect5">
|
|
<h6 id="struct_ed25519_crypt"><a class="link" href="#struct_ed25519_crypt">3.2.2.3.1. Structure</a></h6>
|
|
<div class="listingblock">
|
|
<div class="content">
|
|
<pre class="rouge highlight"><code data-lang="text"><table class="linenotable"><tbody><tr><td class="linenos gl"><pre class="lineno"> 1
|
|
2
|
|
3
|
|
4
|
|
5
|
|
6
|
|
7
|
|
8
|
|
9
|
|
10
|
|
11
|
|
12
|
|
13
|
|
14
|
|
15
|
|
16
|
|
17
|
|
</pre></td><td class="code"><pre>0.0 "openssh-key-v1" string plus terminating nullbyte (15 bytes)
|
|
1.0 uint32 allocator for 1.0.0 (4 bytes)
|
|
1.0.0 cipher name string (ASCII bytes)
|
|
2.0 uint32 allocator for 2.0.0 (4 bytes)
|
|
2.0.0 KDF name string (ASCII bytes)
|
|
3.0 uint32 allocator for KDF options (3.0.0 to 3.0.1) (4 bytes)
|
|
3.0.0 uint32 allocator for 3.0.0.0 (4 bytes)
|
|
3.0.0.0 Salt/IV (bytes)
|
|
3.0.1 uint32 for number of rounds/"work factor" (4 bytes)
|
|
4.0 uint32 counter for # of keys (4 bytes)
|
|
4.0.0 uint32 allocator for public key #n (4.0.0.0 to 4.0.0.1) (4 bytes)
|
|
4.0.0.0 uint32 allocator for 4.0.0.0.0 (4 bytes)
|
|
4.0.0.0.0 public key #n keytype string (ASCII bytes)
|
|
4.0.0.1 uint32 allocator for 4.0.0.1.0 (4 bytes)
|
|
4.0.0.1.0 public key #n payload (bytes)
|
|
4.0.1 uint32 allocator for encrypted private key structure blob #n (4.0.1.0) (4 bytes)
|
|
4.0.1.0 <ENCRYPTED BLOB>
|
|
</pre></td></tr></tbody></table></code></pre>
|
|
</div>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<div class="title">Note</div>
|
|
</td>
|
|
<td class="content">
|
|
<div class="paragraph">
|
|
<p><strong>Chunk 4.0:</strong> This is technically currently unused; upstream hardcodes to 1 (left zero-padded <code>0x01</code>).</p>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p><strong>Chunk 4.0.1.0:</strong> When decrypted, this is equivalent to the <a href="#struct_ed25519_plain">plaintext</a> <strong>4.0.1.0</strong> to <strong>4.0.1.6</strong>. It uses a padded size appropriate to the encryption cipher used.</p>
|
|
</div>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect5">
|
|
<h6 id="bytes_ed25519_crypt"><a class="link" href="#bytes_ed25519_crypt">3.2.2.3.2. Example</a></h6>
|
|
<div class="paragraph">
|
|
<p>The following example, being encrypted, is protected with a passphrase. The passphrase used in this example key is <strong><code>test</code></strong>.</p>
|
|
</div>
|
|
<div class="listingblock">
|
|
<div class="title"><code>id_ed25519</code> Format</div>
|
|
<div class="content">
|
|
<pre class="rouge highlight"><code data-lang="text"><table class="linenotable"><tbody><tr><td class="linenos gl"><pre class="lineno">1
|
|
2
|
|
3
|
|
4
|
|
5
|
|
6
|
|
7
|
|
8
|
|
</pre></td><td class="code"><pre>-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBQEy9ykA
|
|
1o4KMfnXW28KW8AAAAZAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIL+iAxqlRjET5A4W
|
|
iWr1A8Upnq12sJy2OEb0HMTeF0D2AAAAoMSXd80NGn0323ehgUmRJ4+M6Z1XLixma5O5mG
|
|
dCXGDaRlL924VVCYUytRvu7ilZ+dtc9aCQUFJyDF3iXyxN2H68x7teo9e8vqzGtzLkw5KV
|
|
2Zkal+8/CDj4qb/UPts0AxiWSQiPbPt4lG+5FONYrGq8ZGkQcvXyeIU02dQtf0BrxQkLMN
|
|
8jy33YxcuTjkH6zW446IRbgWC/+EBZgRjUR8I=
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
</pre></td></tr></tbody></table></code></pre>
|
|
</div>
|
|
</div>
|
|
<div class="listingblock">
|
|
<div class="title">Structure Reference (Hex) (Decoded Base64)</div>
|
|
<div class="content">
|
|
<pre class="rouge highlight"><code data-lang="text"><table class="linenotable"><tbody><tr><td class="linenos gl"><pre class="lineno"> 1
|
|
2
|
|
3
|
|
4
|
|
5
|
|
6
|
|
7
|
|
8
|
|
9
|
|
10
|
|
11
|
|
12
|
|
13
|
|
14
|
|
15
|
|
16
|
|
17
|
|
18
|
|
19
|
|
20
|
|
21
|
|
22
|
|
23
|
|
24
|
|
25
|
|
26
|
|
27
|
|
</pre></td><td class="code"><pre>0.0 6f70656e7373682d6b65792d763100 ("openssh-key-v1" + 0x00)
|
|
1.0 0000000a (10)
|
|
1.0.0 6165733235362d637472 ("aes256-ctr")
|
|
2.0 00000006 (6)
|
|
2.0.0 626372797074 ("bcrypt")
|
|
3.0 00000018 (24)
|
|
3.0.0 00000010 (16)
|
|
3.0.0.0 50132f72900d68e0a31f9d75b6f0a5bc (bytes)
|
|
3.0.1 00000064 (100)
|
|
4.0 00000001 (1)
|
|
4.0.0 00000033 (51)
|
|
4.0.0.0 0000000b (11)
|
|
4.0.0.0.0 7373682d65643235353139 ("ssh-ed25519")
|
|
4.0.0.1 00000020 (32)
|
|
4.0.0.1.0 bfa2031aa5463113e40e16896af503c5
|
|
299ead76b09cb63846f41cc4de1740f6 (bytes)
|
|
4.0.1 000000a0 (160)
|
|
4.0.1.0 c49777cd0d1a7d37db77a1814991278f
|
|
8ce99d572e2c666b93b99867425c60da
|
|
4652fddb8555098532b51beeee2959f9
|
|
db5cf5a0905052720c5de25f2c4dd87e
|
|
bcc7bb5ea3d7bcbeacc6b732e4c39295
|
|
d9991a97ef3f0838f8a9bfd43edb3403
|
|
189649088f6cfb78946fb914e358ac6a
|
|
bc64691072f5f2788534d9d42d7f406b
|
|
c5090b30df23cb7dd8c5cb938e41facd
|
|
6e38e8845b8160bff840598118d447c2 (AES256-CTR encrypted block) (bytes)
|
|
</pre></td></tr></tbody></table></code></pre>
|
|
</div>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<div class="title">Note</div>
|
|
</td>
|
|
<td class="content">
|
|
<div class="paragraph">
|
|
<p>The decrypted <strong>4.0.1.0</strong> should match the <a href="#struct_ed25519_plain">plaintext key’s structure</a> for <strong>4.0.1.0</strong> through <strong>4.0.1.6</strong>. The padding length WILL change, however, between the two unless using a cipher with an 8-byte block size.</p>
|
|
</div>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p>When <strong>4.0.1.0</strong> is decrypted, it yields:</p>
|
|
</div>
|
|
<div class="listingblock">
|
|
<div class="title">Decrypted <strong>4.0.1.0</strong></div>
|
|
<div class="content">
|
|
<pre class="rouge highlight"><code data-lang="text"><table class="linenotable"><tbody><tr><td class="linenos gl"><pre class="lineno"> 1
|
|
2
|
|
3
|
|
4
|
|
5
|
|
6
|
|
7
|
|
8
|
|
9
|
|
10
|
|
11
|
|
12
|
|
13
|
|
14
|
|
15
|
|
</pre></td><td class="code"><pre>4.0.1.0 f890d89a (4170242202)
|
|
4.0.1.1 f890d89a (4170242202)
|
|
4.0.1.2 0000000b (11)
|
|
4.0.1.2.0 7373682d65643235353139 ("ssh-ed25519")
|
|
4.0.1.3 00000020 (32)
|
|
4.0.1.3.0 bfa2031aa5463113e40e16896af503c5
|
|
299ead76b09cb63846f41cc4de1740f6 (bytes)
|
|
4.0.1.4 00000040 (64)
|
|
4.0.1.4.0 ce6e2b8d638c9d5219dff455af1a90d0
|
|
a5b72694cfcedfb93bc1e1b1816dee98
|
|
bfa2031aa5463113e40e16896af503c5
|
|
299ead76b09cb63846f41cc4de1740f6 (bytes)
|
|
4.0.1.5 00000012 (18)
|
|
4.0.1.5.0 5468697320697320612074657374206b6579 ("This is a test key")
|
|
4.0.1.6 0102030405060708090a0b ([1 2 3 4 5 6 7 8 9 10 11], 11 bytes)
|
|
</pre></td></tr></tbody></table></code></pre>
|
|
</div>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p>See the <a href="#struct_ed25519_plain">plaintext structure</a> for details.</p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div id="footnotes">
|
|
<hr>
|
|
<div class="footnote" id="_footnotedef_1">
|
|
<a href="#_footnoteref_1">1</a>. <a href="https://datatracker.ietf.org/doc/html/rfc7468" class="bare">https://datatracker.ietf.org/doc/html/rfc7468</a>
|
|
</div>
|
|
<div class="footnote" id="_footnotedef_2">
|
|
<a href="#_footnoteref_2">2</a>. <a href="https://datatracker.ietf.org/doc/html/rfc4648" class="bare">https://datatracker.ietf.org/doc/html/rfc4648</a>
|
|
</div>
|
|
<div class="footnote" id="_footnotedef_3">
|
|
<a href="#_footnoteref_3">3</a>. <a href="https://datatracker.ietf.org/doc/html/rfc8017" class="bare">https://datatracker.ietf.org/doc/html/rfc8017</a>
|
|
</div>
|
|
<div class="footnote" id="_footnotedef_4">
|
|
<a href="#_footnoteref_4">4</a>. <a href="https://datatracker.ietf.org/doc/html/rfc8709" class="bare">https://datatracker.ietf.org/doc/html/rfc8709</a>
|
|
</div>
|
|
</div>
|
|
<div id="footer">
|
|
<div id="footer-text">
|
|
Last updated 2022-03-07 03:36:15 -0500
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html> |